-
Notifications
You must be signed in to change notification settings - Fork 780
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0b6aa1c
commit e9c9ef0
Showing
2 changed files
with
60 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| --- | ||
| title: "RDP Exploiter" | ||
| draft: false | ||
| description: "Exploits RDP" | ||
| tags: ["exploiter", "rdp", "brute force"] | ||
| pre: "<i class='fa fa-desktop'></i> " | ||
| --- | ||
|
|
||
| ## RDP | ||
|
|
||
| [RDP (Remote Desktop Protocol)]( | ||
| https://learn.microsoft.com/en-us/windows/win32/termserv/remote-desktop-protocol) | ||
| is a network communication protocol by Microsoft which enables users to connect | ||
| to another computer over a network, providing a remote display and input | ||
| capabilities to the user. It is commonly used for remote administration, remote | ||
| technical support, and remote work access. | ||
|
|
||
| ## Exploitation | ||
|
|
||
| Machines with RDP enabled may be accessible to attackers if | ||
| they come across the correct credentials. | ||
|
|
||
| Infection Monkey's RDP exploiter uses brute-force to attempt to | ||
| propagate to a victim via RDP. | ||
|
|
||
|  | ||
|
|
||
| ### Credentials used | ||
|
|
||
| The RDP exploiter can be run from both Linux and Windows attackers and will use | ||
| [user-configured credentials](/usage/configuration/credentials) as well as LM or | ||
| NT hashes collected from other victims. Different combinations of credentials | ||
| are attempted in the following order: | ||
|
|
||
| 1. **Brute force usernames and passwords** - The exploiter will attempt to use | ||
| all combinations of usernames and passwords that were set in the | ||
| [configuration](/usage/configuration/credentials) or collected from other | ||
| victims. | ||
|
|
||
| 1. **Brute force usernames and NT hashes** - The exploiter will attempt to use | ||
| all combinations of usernames and NT Hashes that were set in the | ||
| [configuration](/usage/configuration/credentials) or collected from other | ||
| victims. | ||
|
|
||
| This only works on Windows 8.1 and Windows Server 2012 R2. You can read more | ||
| [here](https://www.kali.org/blog/passing-hash-remote-desktop/). | ||
|
|
||
| ## Mitigation | ||
|
|
||
| 1. Change user passwords to complex passwords that are not shared with other | ||
| computers on the network. | ||
|
|
||
| For information about remediating RDP-related security risks, see | ||
| [Microsoft's | ||
| guidance](https://www.microsoft.com/en-us/security/blog/2020/04/16/security-guidance-remote-desktop-adoption/) | ||
|
|
||
| ## See also | ||
| - [RDP exploiter reference documentation](/reference/exploiters/rdp) |
Binary file added
BIN
+289 KB
docs/static/images/island/configuration-page/rdp-exploiter-configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.