3389 - RDP

Identification and Scans

# Using nmap NSE scripts
nmap -Pn -sV --version-intensity=5 -p T:3389 --script=xxxx <IP>

# Determines which security layer and encryption level are supported by the RDP service

# Checks if a machine is vulnerable to the MS12-020 RDP vulnerability

Credentials bruteforce

# Using ncrack for one user
ncrack -vv -u nina -P passwords.txt rdp://IP

# Using ncrack for several users
ncrack -vv -U users.txt -P passwords.txt rdp://IP
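
What the two ncrack runs above look like from the target's side, as an added example that is not part of the original page: a detector over failed-logon records (Windows Security event 4625) that separates single-user guessing from multi-user guessing per source IP. The record layout, sample events, function names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed-logon records as exported from Windows Security
# event 4625 (time, TargetUserName, IpAddress, LogonType).
# LogonType 10 = RemoteInteractive; 3 = Network (what NLA-enabled RDP
# failures log, shared with other network logons, so expect some noise).
def _ev(sec, user, ip, ltype=3):
    return {"time": datetime(2024, 1, 1, 12, 0, 0) + timedelta(seconds=sec),
            "user": user, "ip": ip, "logon_type": ltype}

SAMPLE_EVENTS = (
    [_ev(i * 2, "nina", "203.0.113.10") for i in range(12)]                # one user, many passwords
    + [_ev(i * 3, f"user{i % 6}", "203.0.113.20", 10) for i in range(12)]  # several users
    + [_ev(0, "bob", "198.51.100.5"), _ev(400, "bob", "198.51.100.5")]     # ordinary typos
    + [_ev(i, "svc", "203.0.113.30", 2) for i in range(20)]                # console logons, not RDP
)

def detect_rdp_bruteforce(events, window=timedelta(minutes=5),
                          min_failures=10, min_users=5):
    """Flag source IPs with >= min_failures failed logons inside `window`.

    Returns {ip: "single-user" | "multi-user"}. Thresholds are assumptions
    to tune against the environment's normal failure rate.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] in (3, 10):      # keep only logon types RDP produces
            by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span fits inside `window`
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= min_failures:
                users = {e["user"].lower() for e in burst}
                findings[ip] = "multi-user" if len(users) >= min_users else "single-user"
                break
    return findings

if __name__ == "__main__":
    for ip, kind in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {kind} RDP password guessing")
```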


# Using rdesktop
rdesktop -u "username" -p "password" -g 80% -r disk:share=/path/to/share/with/remote/host <IP>

# Remmina is cool too