https://github.com/vysecurity/rdpinception

A script to attack users who are RDPing into a machine and recurse this attack. For security testers and attack simulations.
https://github.com/vysecurity/rdpinception

Last synced: 5 months ago
JSON representation

A script to attack users who are RDPing into a machine and recurse this attack. For security testers and attack simulations.

• Host: GitHub
• URL: https://github.com/vysecurity/rdpinception
• Owner: vysecurity
• Created: 2017-06-27T21:45:45.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2017-06-29T16:57:14.000Z (almost 9 years ago)
• Last Synced: 2025-01-21T22:34:55.338Z (over 1 year ago)
• Language: Batchfile
• Size: 3.91 KB
• Stars: 18
• Watchers: 3
• Forks: 9
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
Disclaimer

==========

As usual, this code and tool should not be used for malicious purposes.

WARNING

=======

This code is weaponised but with no damage. Do not execute if you are not aware of the consequences or what this code does.

Credits

=======

Authored by Vincent Yiu (@vysecurity) of MDSec ActiveBreach

RDPInception

============

A bat script that will backdoor the host that is mounting drives whilst RDPing into an infected machine. This process repeats if a systems administrator is for example: Laptop -> RDP -> RDP -> RDP -> RDP -> Server.

The intention of this script is to allow security testers and red teamers to obtain code execution in the management network or a segregated part of the network where the target machine cannot communicate back out to the privileged network context.

We have found this attack useful in some of our red team and adversary simulation engagements.

Aggressor Script

================

1) Load RDPInception

2) Run rdpinception command

3) Select HTTP, HTTPS or DNS beacon that can egress.

Usage

=====

1) Modify batch file to execute PowerShell stager, EXE or even DLL.

2) Upload to the target, execute.