Windows Remote Management#

🖥️ Remote Desktop Protocol (RDP)#

• Microsoft protocol to remotely access Windows GUI.
• Uses TCP/UDP port 3389.
• Works at the Application Layer of the TCP/IP model.

🛡️ Security#

• Uses TLS/SSL encryption (from Windows Vista onwards).
• Weak point: Default certificates are self-signed, can be faked.
• NLA (Network Level Authentication) is recommended for safer connections.

🌐 Connectivity#

• Both local and network firewalls must allow RDP.
• If behind NAT, set up port forwarding and use the public IP.

🕵️ Footprinting RDP Services (Recon)#

• Nmap can scan and reveal:
  • If NLA is enabled
  • Server hostname, domain, version

Example Nmap command:

nmap -sV -sC -p3389 --script rdp* <target-ip>

🕵️ Advanced Scanning with Packet Tracing#

nmap -sV -sC -p3389 --packet-trace rdp* <target-ip>

⚠️ Note:#

• Tools and packet traces can be detected by EDR (Endpoint Detection & Response).
• May result in blocking during penetration tests on secure networks.

⚠️ Security Tip#

• RDP is powerful but also risky if misconfigured.
• Use strong encryption, valid certificates, and NLA to stay secure.
• Monitor for scanning patterns (like Nmap probes) as they may indicate recon.