Remote Desktop Protocol
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
https://github.com/0x09AL/RdpThief
https://github.com/S3cur3Th1sSh1t/RDPThiefInject
https://github.com/snovvcrash/SharpRdpThief
https://github.com/passthehashbrowns/SharpRDPThief
https://github.com/proxytype/RDP-THIEF
https://github.com/0xEr3bus/RdpStrike
The DLL can be converted to shellcode with ConvertToShellcode.py (sRDI approach) and then be injected into the target process. That would help to avoid dropping the DLL to disk:
beacon> rdpthief_enable
beacon> rdpthief_dump
beacon> rdpthief_disable
https://clement.notin.org/blog/2019/07/03/credential-theft-without-admin-or-touching-lsass-with-kekeo-by-abusing-credssp-tspkg-rdp-sso/