Port 3389 - RDP

Identifying non deafult port as RDP with aux scanner

msfconsole
use auxiliary/scanner/rdp/rdp_scanner
set RHOSTS demo.ine.local
set RPORT 3333
exploit

We can Identify RDP endpoints using an auxiliary module on port 3333 if it’s running RDP.

Bruteforcing RDP (hydra)

XFREERDP

Detecting RDP Attacks

LogoLateral Movement - Remote Desktop Protocol (RDP) Event LogsThe DFIR Spot

CVE-2019-0708 Bluekeep

Fails if NW authentication is enabled

The BlueKeep vulnerability affects multiple versions of Windows:

  • XP

  • Vista

  • Windows 7

  • Windows Server 2008 & R2

PreviousPort 3306 MySQLNextPort 5985 - WINRM

Last updated