# **Basic Information**

According to [HTB Academy](https://academy.hackthebox.com/module/112/section/1242):

> The [Remote Desktop Protocol](https://docs.microsoft.com/en-us/troubleshoot/windows-server/remote/understanding-remote-desktop-protocol) (`RDP`) is a protocol developed by Microsoft for remote access to a computer running the Windows operating system. This protocol allows display and control commands to be transmitted via the GUI encrypted over IP networks. RDP works at the application layer in the TCP/IP reference model, typically utilizing TCP port 3389 as the transport protocol. However, the connectionless UDP protocol can use port 3389 also for remote administration.

# **Enumeration**

## **Scanning**

```bash
# default scan (the glob is quoted so the shell does not expand it against local files)
nmap -sV -sC -p3389 --script "rdp*" <target_ip>

# the default scan sends the RDP cookie mstshash=nmap,
# which threat hunters / EDRs can signature
nmap -sV -sC -p3389 --packet-trace --disable-arp-ping -n <target_ip>
```

## **RDP Security Check**

```bash
# installation: rdp-sec-check.pl needs the Encoding::BER Perl module
sudo cpan Encoding::BER
git clone https://github.com/CiscoCXSecurity/rdp-sec-check.git && cd rdp-sec-check

# run the check against the target
./rdp-sec-check.pl <target_ip>
```

## **Initiate an RDP Session**

- Alternatives to `xfreerdp3` include `rdesktop` and `Remmina`.

```bash
xfreerdp3 /u:<username> /p:'<password>' /v:<target_ip>
```

# **References**

# **Practical Application**

| Platform | Name | Notes |
| -------- | ---- | ----- |
|          |      |       |
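
The Scanning section notes that the default nmap scan sends the RDP cookie `mstshash=nmap`, which defenders can signature. The sketch below is an added example, not part of the original notes or of any tool named here: it extracts that cookie from the first client packet (the X.224 Connection Request inside a TPKT header) and flags the scanner default. The function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# Cookie values treated as scanner defaults. "nmap" comes from the notes above;
# extend the set with values observed in your own environment.
SCANNER_COOKIES = {"nmap"}
COOKIE_PREFIX = b"Cookie: mstshash="


def parse_rdp_cookie(payload: bytes):
    """Return the mstshash value of an X.224 Connection Request, or None."""
    if len(payload) < 11 or payload[0] != 0x03:       # TPKT version must be 3
        return None
    (tpkt_len,) = struct.unpack(">H", payload[2:4])    # total length, big-endian
    if tpkt_len < 11 or tpkt_len > len(payload):       # malformed or truncated
        return None
    if payload[5] & 0xF0 != 0xE0:                      # X.224 CR TPDU code
        return None
    variable = payload[11:tpkt_len]                    # skip TPKT (4) + X.224 (7)
    if not variable.startswith(COOKIE_PREFIX):
        return None
    end = variable.find(b"\r\n")                       # cookie is CRLF-terminated
    if end == -1:
        return None
    return variable[len(COOKIE_PREFIX):end].decode("ascii", errors="replace")


def is_scanner_probe(payload: bytes) -> bool:
    """True when the connection request carries a known scanner cookie."""
    cookie = parse_rdp_cookie(payload)
    return cookie is not None and cookie.lower() in SCANNER_COOKIES


def build_connection_request(cookie: str) -> bytes:
    """Build a sample request (constructed test data, not a real capture)."""
    var = f"Cookie: mstshash={cookie}\r\n".encode("ascii")
    var += struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)   # RDP_NEG_REQ: TLS | CredSSP
    x224 = struct.pack(">BBHHB", 6 + len(var), 0xE0, 0, 0, 0)
    return struct.pack(">BBH", 3, 0, 4 + len(x224) + len(var)) + x224 + var


if __name__ == "__main__":
    for name in ("nmap", "alice"):                     # constructed sample cookies
        pkt = build_connection_request(name)
        print(name, parse_rdp_cookie(pkt), is_scanner_probe(pkt))
```

The cookie is client-controlled, so a hit identifies an unmodified default scan and a miss proves nothing; treat it as one low-cost signal alongside connection-rate and source-reputation checks.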