Security researchers have disclosed a proof of concept that shows how clients can be compromised via RDP. To exploit the clients, the attackers make use of a vulnerability in the RDP clipboard function.
The targeted environments are:
- mstsc.exe – Microsoft’s built-in RDP client.
- FreeRDP – The most popular and mature open-source RDP client on GitHub.
- rdesktop – Older open-source RDP client, comes by default in Kali-linux distros.
A fun fact shared by Check Point:
As “rdesktop” is the built-in client in Kali-linux, a Linux distro used by red teams for penetration testing, we thought of a 3rd (though probably not practical) attack scenario: Blue teams can install organizational honeypots and attack red teams that try to connect to them through the RDP protocol.
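
Because the issue sits in the clipboard function, a defender may want to know which saved connection files leave clipboard redirection on. The following is an added example, not code from the researchers or from any of the clients above: it audits `.rdp` files for the `redirectclipboard` setting, assuming the mstsc default of enabled when the setting is absent; the file names, host name and helper names are constructed for illustration.

```python
import codecs

def decode_rdp(raw: bytes) -> str:
    """.rdp files saved by mstsc are commonly UTF-16 with a BOM; others are UTF-8/ANSI."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; if a name repeats, the last line wins (assumption)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':' (host:port)
        if len(parts) == 3:
            name, kind, value = parts
            settings[name.strip().lower()] = (kind.strip().lower(), value.strip())
    return settings

def clipboard_finding(raw: bytes) -> str:
    """Return 'disabled', 'enabled', 'enabled-by-default' or 'invalid'."""
    entry = parse_rdp(decode_rdp(raw)).get("redirectclipboard")
    if entry is None:
        return "enabled-by-default"  # setting absent: treated as on
    kind, value = entry
    if kind != "i" or value not in ("0", "1"):
        return "invalid"  # malformed entry: flag for manual review
    return "disabled" if value == "0" else "enabled"

def audit(files: dict) -> dict:
    """Map each file name to its clipboard finding."""
    return {name: clipboard_finding(raw) for name, raw in files.items()}

# Constructed sample files (not taken from the article).
SAMPLES = {
    "jump-host.rdp": "full address:s:rdp.example.test:3389\r\n"
                     "redirectclipboard:i:1\r\n".encode("utf-16"),
    "hardened.rdp": b"full address:s:rdp.example.test\r\nredirectclipboard:i:0\r\n",
    "minimal.rdp": b"full address:s:rdp.example.test\r\n",
    "broken.rdp": b"redirectclipboard:s:yes\r\n",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(f"{name}: clipboard redirection {finding}")
```
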