Remote Desktop Protocol RDP (Port: 3389)


MSF module for scanning if RDP is available on a certain port

  • auxiliary/scanner/rdp/rdp_scanner This module check if a certain port running RDP by sending a user & pass and also tries to guess the system OS info.

MSF module to enable RDP:

post/windows/manage/enable_rdp

This module enables the Remote Desktop Service (RDP). It provides the options to create
an account and configure it to be a member of the Local Administrators and
Remote Desktop Users group. It can also forward the target's port 3389/tcp.

Pasted image 20250422225928.png

And we can confirm it's open:

Pasted image 20250422230000.png

  1. Now set USERNAME and PASSWORD in the module options to create them and enable RDP with them:
  2. then connect with them using #xfreerdp tool.

Pasted image 20250422231309.png

This is proof:

Pasted image 20250422231515.png

Brute force RDP:

  1. use [[Hydra]] to bruteforce rdp service
  2. use #xfreerdp to login to rdp
  3. command : xfreerdp /u:<user> /p:<pass> /v:<ip address>:<port if not default>

rdp_login.png



Exploits & Vulnerabilities:

[[CVE-2019-0708 (BlueKeep) RDP]]