Member-only story
Windows RDP Session Hijacking
How Red Team members take control over User’s RDP sessions
The Remote Desktop Protocol (RDP) has become an indispensable tool for system administrators, enabling them to manage Windows environments from a remote location. However, with its widespread use, RDP has also caught the attention of malicious actors seeking to exploit its vulnerabilities for nefarious purposes. In this article, we will explore the potential risks associated with RDP and discuss effective strategies to mitigate these vulnerabilities, ensuring a more secure network environment.
RDP Session Hijacking
Upon gaining local administrator access to a target system, an attacker can potentially hijack the RDP session of another user. This ingenious tactic obviates the necessity for the attacker to uncover the user’s credentials
To procure the list of accessible sessions that can be utilized, one can retrieve it from the Windows Task Manager under the tab labeled Users.
The command prompt also provides the means to obtain the same information effortlessly.
