3389 - RDP

Identification and Scans

# Using nmap NSE scripts (replace xxxx with one of the script names below)
nmap -Pn -sV --version-intensity=5 -p T:3389 --script=xxxx <IP>

# Determines which security layer and encryption level are supported by the RDP service
rdp-enum-encryption

# Checks whether a machine is vulnerable to MS12-020 (RDP)
rdp-vuln-ms12-020.nse

Credential brute force

# Using ncrack for one user
ncrack -vv -u nina -P passwords.txt rdp://IP

# Using ncrack for several users
ncrack -vv -U users.txt -P passwords.txt rdp://IP
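
Seen from the defending side, the two ncrack modes above leave different traces in failed-logon records: many failures for one account, or failures spread across many accounts, from a single source. The following is an added example, not part of the original cheat sheet; it counts failures per source address in a sliding window over constructed records shaped like Windows Security event 4625 fields, and the function names, threshold, window and sample data are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# With NLA a failed RDP logon is recorded as logon type 3 (Network), without
# NLA as type 10 (RemoteInteractive). Type 3 also covers other network logons,
# so feed this only events collected from hosts that expose RDP.
RDP_LOGON_TYPES = {3, 10}

def _events(start, step_s, users, ip, logon_type):
    """Build constructed (timestamp, user, source IP, logon type) records."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_s)).isoformat(), user, ip, logon_type)
            for i, user in enumerate(users)]

# Constructed sample data, not taken from a real log.
SAMPLE_EVENTS = (
    # six failures for one account, 10 s apart
    _events("2024-05-01T10:00:00", 10, ["nina"] * 6, "203.0.113.7", 3)
    # one failure each for five accounts, 30 s apart
    + _events("2024-05-01T10:05:00", 30,
              ["alice", "bob", "carol", "dave", "erin"], "198.51.100.23", 10)
    # five failures 15 minutes apart: stays under the window threshold
    + _events("2024-05-01T09:00:00", 900, ["nina"] * 5, "192.0.2.50", 10)
)

def detect_rdp_guessing(events, window=timedelta(minutes=5), threshold=5):
    """Return {source IP: alert} for sources reaching `threshold` failures in `window`."""
    recent = defaultdict(deque)  # source IP -> failures still inside the window
    alerts = {}
    for ts_raw, user, ip, logon_type in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > alerts.get(ip, {}).get("failures", 0):
            users = sorted({u for _, u in q})
            alerts[ip] = {
                "failures": len(q),
                "users": users,
                "pattern": "single-account" if len(users) == 1 else "multi-account",
            }
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_rdp_guessing(SAMPLE_EVENTS).items():
        print(ip, alert)
```

The third source in the sample shows the limit of a fixed window: slow guessing never reaches the threshold, so a longer secondary window or a per-account failure count is needed to see it.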

Connection

# Using rdesktop
rdesktop -u "username" -p "password" -g 80% -r disk:share=/path/to/share/with/remote/host <IP>

# Remmina is cool too