Explosion (RDP)
Feb 5, 2022
As usually start off scanning with snap. The IP for my remote box is 10.129.164.96.
nmap -sV 10.129.164.96
As shown below, ports 445/TCP and 3389/TCP are open. I’ll go ahead and try RDP into the box to “check the front door”. xfreerdp is a linux tool that established RDP connections.
/cert: Specifies to the scrips that all security certificate usage should be ignored.
/u: Specifies the login username.
/v:{target_IP} : Specifies the target IP.
I tried multiple combinations of usernames and passwords. Administrator with no password worked!
Xfreerdp /cert:ignore /u:Administrator /v:10.129.164.96
Once logged in, flag.txt is on the desktop.