Explosion (RDP)

As usually start off scanning with snap. The IP for my remote box is 10.129.164.96.

nmap -sV 10.129.164.96

As shown below, ports 445/TCP and 3389/TCP are open. I’ll go ahead and try RDP into the box to “check the front door”. xfreerdp is a linux tool that established RDP connections.

/cert: Specifies to the scrips that all security certificate usage should be ignored.

/u: Specifies the login username.

/v:{target_IP} : Specifies the target IP.

I tried multiple combinations of usernames and passwords. Administrator with no password worked!

Xfreerdp /cert:ignore /u:Administrator /v:10.129.164.96

Once logged in, flag.txt is on the desktop.