Remote Desktops

ID: T1076 Tactic: Lateral Movement

Remote Desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access Remote Services similar to RDS.

Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries may also perform RDP session hijacking which involves stealing a legitimate user's remote session.

As the title implies, Lateral Movement using RDP Connections, how can we move from 1 PC to another and also having a wonderful GUI, well nothing beat's and RDP Session besides having a Graphical Interface when you are moving to different machines and also a great thing about this is that the users are always Admin! (Majority of the time).

Let's look at our target, and Check the RDP Port.

RDP Session fantastic we can use xfreerdp on our Kali box to RDP into the Target machine. Great we have an RDP Session now.

After more enumeration and finding more PC's on the Network there is also another Machine with RDP Enable and guess what you have the proper credentials to Log In!. And if you check in the Title Bar we can see and RDP session inside another RDP Session.

From here we can see that moving from one machine to another is fairly simple with the proper permissions and correct set of User info with Credentials, this is a fairly easy to understand Lateral Movement Technique but just be aware that not always you will get a nice GUI for your Simulations. This is just to be aware that the technique exists.

This is one of the methods that does not require the User to be an Administrator just special Group Permissions (Remote Desktop Users) or just RDP Access.

Last updated