Remote Desktop Protocol
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
https://github.com/0x09AL/RdpThief
https://github.com/S3cur3Th1sSh1t/RDPThiefInject
https://github.com/snovvcrash/SharpRdpThief
https://github.com/passthehashbrowns/SharpRDPThief
https://github.com/proxytype/RDP-THIEF
https://github.com/0xEr3bus/RdpStrike
The DLL can be converted to shellcode with ConvertToShellcode.py (sRDI approach) and then injected into the target process. That helps to avoid dropping the DLL to disk:
beacon> rdpthief_enable
beacon> rdpthief_dump
beacon> rdpthief_disable
https://clement.notin.org/blog/2019/07/03/credential-theft-without-admin-or-touching-lsass-with-kekeo-by-abusing-credssp-tspkg-rdp-sso/