- 7 Jul 2013
Hi,
In this article, I am going to talk about RDP session hijacking. Let's get started.
WHAT IS RDP (Remote Desktop Protocol)?
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists. By default, the server listens on TCP port 3389 and UDP port 3389.
WHAT IS RDP SESSION HIJACKING?
Once an attacker has obtained local administrator access on a target system, it is possible to hijack the RDP session of another user. This eliminates the need for the attacker to discover that user's credentials.
RDP SESSION HIJACKING
First, we need to make a connection; then we can start the process. We need to run the Remote Desktop Connection software that is available on Windows. To do this, open the command prompt and type this command:
Code:
mstsc
As soon as we enter the command, the software will run and you will probably see this screen:
We enter the static IP address of the remote desktop computer that we want to connect to.
After the remote desktop connection is established, we open the command prompt on the computer we connected to and type this command:
Code:
query user
This shows various information about the users logged on to the computer, but what we need is the ID of the admin user's session.
After obtaining the ID and SESSIONNAME information, we type this command:
Code:
sc create sesshijack binpath= "cmd.exe /k tscon 2 /dest:rdp-tcp#0"
Here 2 stands for the ID of the session that we want to capture and rdp-tcp#0 for the session name, both taken from the query user output; substitute the values you obtained. The binary path must be quoted, otherwise sc treats the arguments after cmd.exe as its own parameters.
This creates a service (here named sesshijack) that runs tscon, which attaches a different session on the server to our remote desktop session. Because a service runs as SYSTEM, tscon does not prompt for the password of the session being attached; this is why local administrator access is a prerequisite.
After the service is successfully created, we type this command to start the service:
Code:
net start sesshijack
After starting the service, the hijacked session becomes available to us without knowing the password for the admin session.
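The procedure above leaves two artifacts on the target that a defender can look for: a new service whose binary path invokes tscon (System event 7045, written when sc create registers a service) and a session reconnection (Security event 4778). The following audit script is an added example for defenders and is not part of the original post; it reads those logs, correlates a reconnection with a tscon service created shortly before it (the 10-minute window and the 24-hour lookback are this example's assumptions), and reports whether the host enforces a time limit for disconnected sessions, which is the policy that removes idle disconnected sessions before they can be taken over. It must run from an elevated PowerShell prompt to read the Security log and changes nothing on the host.

```powershell
<#
  Added example (not from the original post): audit a Windows host for traces of
  the service-based tscon session hijack and for the disconnected-session policy.
  Read-only: event logs and one registry value. Run elevated (Security log).
  Assumptions: 24 h lookback, 10 min service-to-reconnect correlation window.
#>
param([int]$LookbackHours = 24)

$since = (Get-Date).AddHours(-$LookbackHours)

# Return one named field from an event's EventData section.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. System event 7045: a service was installed. A service whose image path
#    calls tscon is the direct artifact of 'sc create ... tscon ...'.
$tsconServices = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $image = Get-EventField $_ 'ImagePath'
        if ($image -match '(?i)\btscon(\.exe)?\b') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                ServiceName = Get-EventField $_ 'ServiceName'
                ImagePath   = $image
                RunAs       = Get-EventField $_ 'AccountName'   # SYSTEM for the technique above
            }
        }
    }
)

# 2. Security event 4778: a session was reconnected to a window station.
#    Flag a reconnection as suspicious when a tscon service was registered in
#    the 10 minutes before it (heuristic chosen for this example).
$reconnects = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4778; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $priorService = $tsconServices | Where-Object {
            $_.Time -le $evt.TimeCreated -and $_.Time -ge $evt.TimeCreated.AddMinutes(-10)
        }
        [pscustomobject]@{
            Time        = $evt.TimeCreated
            Account     = '{0}\{1}' -f (Get-EventField $evt 'AccountDomain'), (Get-EventField $evt 'AccountName')
            SessionName = Get-EventField $evt 'SessionName'
            ClientName  = Get-EventField $evt 'ClientName'
            ClientAddr  = Get-EventField $evt 'ClientAddress'
            Suspicious  = [bool]$priorService
        }
    }
)

# 3. Policy "Set time limit for disconnected sessions" (value in milliseconds).
#    Absent or 0 means disconnected sessions persist until someone logs them off.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$maxDisc = (Get-ItemProperty -Path $policyKey -Name MaxDisconnectionTime -ErrorAction SilentlyContinue).MaxDisconnectionTime
$disconnectPolicy = if ($maxDisc -gt 0) {
    "disconnected sessions are logged off after $($maxDisc / 60000) min"
} else {
    'no time limit: disconnected sessions remain attachable until logged off'
}

# Summary object for the analyst (pipe to Format-List or Export-Csv as needed).
[pscustomobject]@{
    Host                  = $env:COMPUTERNAME
    LookbackHours         = $LookbackHours
    TsconServices         = $tsconServices
    SuspiciousReconnects  = @($reconnects | Where-Object { $_.Suspicious })
    TotalReconnects       = $reconnects.Count
    DisconnectPolicy      = $disconnectPolicy
}
```

Event 7045 alone is the higher-confidence signal, since a legitimate administrator rarely wraps tscon in a service; the 4778 correlation mainly helps establish which account's session was attached and from which client. Hosts with no MaxDisconnectionTime value keep disconnected sessions alive indefinitely, which is exactly the state the technique relies on.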
For more information, see the 43rd edition of our magazine.
Source: https://www.turkhackteam.org/siber-...-hijacking-uzak-masaustu-oturumunu-calma.html
Translator: dRose98