RDP

Remote Desktop Protocol is a GUI interface that Microsoft has built for users when trying to access a remote workstation usually running on Port 3389, this is great for employees working in remote locations trying to access the network environment.

Usually, to jump around workstations utilizing the RDP protocol a user must have special permissions to remote onto another box with the current user's permissions, on the other hand, Administrators of a Domain (Domain Admins) Or local Administrators of the box can RDP.

The following demonstration will show the use of RDP has Lateral Movement

Attacker Box RDPs into the user’s workstation

Our enumeration says that the HelpDesk user has permission to RDP onto the Desktop-Bravo workstation from the Desktop-Alpha workstation, we will enter the credentials from the user

And we will successfully have moved from Alpha to Bravo via RDP

PreviousLateral Movement NextPowerShell Remoting

Last updated 2 years ago