# 3389 Pentesting RDP

## Xfreerdp Command 

```python
xfreerdp /v:IP /u:USERNAME /p:PASSWORD +clipboard /dynamic-resolution /drive:$(pwd),share
```

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2F6cBbpDeebpneRYTY4m8a%2Fimage.png?alt=media&#x26;token=615071de-8340-4a5d-8da3-bf79e27b0e30" alt=""><figcaption></figcaption></figure>

## Login UI Enumeration

We can try to see the login page of the RDP to do some enumeration, this can be done by disabling Network Level Authentication

This approach bypasses the pre-authentication security layer that NLA normally provides. When NLA is disabled:

* The remote server will display the login GUI without requiring upfront authentication

```python
xfreerdp /v:10.10.73.33 -sec-nla
```

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FvMbW0d4Tx5mdaQFsc4oC%2Fimage.png?alt=media&#x26;token=9c08ed38-3023-4d69-baaa-78c0d59f23f4" alt=""><figcaption></figcaption></figure>