RDPY- tool to perform MITM attack on RDP Sessions
Remote Desktop Protocol is used on almost any network, This allow user to manage windows servers remotely and to have server desktop full control. Some user feel more comfortable with it to schedule tasks or install applications. Others prefer to use the command line for fast and automated system administration by considering powershell.
The question for now is if there is a direct way to Hack Remote Desktop Protocol ?
To connect to RDP user should authenticate to the server with the correct credentials. Next user will connect to the system according to his system profile. This is the standard way of connection and usage while if you are looking to hijack this protocol you can use RDPY- tool to perform MITM attack on RDP Sessions.
Rdpy is an open source python script that allows to hijack windows RDP sessions and perform MITM attack to record communication and display actions performed on servers. This tool not only perform the Man In The Middle proxy functionality but also allows to run an RDP honeypot to make attacker system running a fake RDP session.
Rdp Honeypot will set the daemon that you can use on the network for testing purposes or to detect suspicious activities such as worm attacks or any machine that is running brute force on the network.
RDP screenshoter module in rdpy allows to make screenshot against Remote Desktop Protocol session on the fly. this if you need to see what is opened by the user so you can log the application running on the remote system.
RDPY do not include rdp attack module only but you can use it for vnc attack as well. The tool have the same type of capabilities for vnc without honeypot. There is also rssplayer module which will replay the recorded session scenario that was captured during the MITM attack using Man In The Middle proxy module or the redpclient. Here user will be able to replay the session to point on what he is searching.
You can download the tool over this link: https://github.com/citronneur/rdpy