# Remote Desktops Remote Desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access Remote Services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries may also perform RDP session hijacking which involves stealing a legitimate user's remote session. As the title implies, Lateral Movement using RDP Connections, how can we move from 1 PC to another and also having a wonderful GUI, well nothing beat's and RDP Session besides having a Graphical Interface when you are moving to different machines and also a great thing about this is that the users are always Admin! (Majority of the time). Let's look at our target, and Check the RDP Port. ![](/files/-LzGHoGFWNpYwdxEjuSU) RDP Session fantastic we can use `xfreerdp` on our Kali box to RDP into the Target machine. Great we have an RDP Session now. ![](/files/-LzGJQiS9m-7ge9yAXS5) After more enumeration and finding more PC's on the Network there is also another Machine with RDP Enable and guess what you have the proper credentials to Log In!. And if you check in the Title Bar we can see and RDP session inside another RDP Session. ![](/files/-LzGJue9W-ECgG727dT3) From here we can see that moving from one machine to another is fairly simple with the proper permissions and correct set of User info with Credentials, this is a fairly easy to understand Lateral Movement Technique but just be aware that not always you will get a nice GUI for your Simulations. This is just to be aware that the technique exists. {% hint style="info" %} This is one of the methods that does not require the User to be an Administrator just special Group Permissions (Remote Desktop Users) or just RDP Access. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes/lateral-movement/remote-desktops.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.