> For the complete documentation index, see [llms.txt](https://dmcxblue.gitbook.io/red-team-notes-2-0/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/initial-access/untitled/rdp-service.md). # RDP Service Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS) Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Sometimes we need to access our PC from a remote location due to situations that are out of our control, but Windows made it simple to allow RDP Connections to our PC through the RDP Service. (Pro to Enable, Home only allows Connection). And we will initiate our RDP Service to point a Public IP Address so that we can Access our Internet Network from a remote location. Here in a work perspective is great in an Attacker perspective this is even greater, the only thing that stops them is too find any Valid Accounts that can give them access to the service. There are some public exploits but have a few requirements for them to be successful. Some need to run a specific service (UltraVNC, TightVNC, etc.) Other need older OS (Windows XP, Vista, 7). **Recon** Let us start with a simple nmap scan these services run on specific ports(unless changed) RDP is known for running on port 3389 we will focus our scan on this specific port and see what information we can grab from this port. ![](/files/-MRh2BpocMNYr40z-gFq) We continue by searching for accounts or common passwords that can give us some access to this services, in this step we can use many techniques such as OSINT, Phishing, Leaked Databases, etc. These will be helpful to find users or credentials for trying out on the External Remote Services available from a company that is facing the public internet. **Exploitation** Well on this attack we won't be using any exploits but this attack consists mostly on having some Valid Accounts with RDP Permissions or Administrator Account Privileges, these accounts are usually the ones capable of remote access through RDP. But in this example we did our recon and found some old credentials leaked in a previous Database. `User: John` `Password: P4$$W0rd123!` ![](/files/-MRh2EJwMPa5YF64JuR6) And finally after some hard work we manage to get Access through our RDP Service that we found in our Initial Recon, this is another great example not common but still out there, that can give attackers access to the internal network. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/initial-access/untitled/rdp-service.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.