# 3389 - RDP

### RDP Connection

If credentials are available, try connecting to the machine using the below commands:

```bash
# Opens a remote RDP session on a Windows machine using xfreerdp
xfreerdp /cert-ignore /u:jeff /d:abc.com /p:pass1 /v:10.10.10.100 +clipboard +dynamic-resolution

# Opens a remote RDP session on a Windows machine using rdesktop
rdesktop -d abc.com -u jeff -p pass1 10.10.10.100 
```

{% hint style="warning" %}
***PASS THE HASH ATTACKS:***

Since **Windows Vista**, Microsoft introduced **UAC remote restrictions**. Local administrators logging in remotely do NOT receive a full admin token by default. When local administrators(Other than the actual local admin), they get a **filtered token**.

**Locally (console / RDP):**

* ✅ User can elevate via UAC prompt
* Full token is available

**Remotely (SMB / RPC / WMI / WinRM):**

* ❌ **No UAC prompt possible**
* User is forced to use the **filtered token**
  {% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gokulkarthik.gitbook.io/pentesting-checklist/windows-and-active-directory/protocol-enumeration/3389-rdp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.