.. /
mstsc.exe
Connect to the desktop of remote computers
Resources
Sessions
Control a user's session
mstsc.exe /v:SP2019.ad.bitsadmin.com /shadow:1 /noConsentPrompt /control
Usecase
Take over when a user is idle
Mitre Att&ck
T1021.001
Remote Desktop
mstsc.exe /remoteGuard /v:SP2019.ad.bitsadmin.com
Usecases
- Connect to a target server
- Exfiltrate data over RDP clipboard or
\\tsclient drives
- If RDP provides access to a different network segment, SocksOverRDP can be used to pivot into that segment
Comments
See also RDCMan.exe
Mitre Att&ck
T1021.001
Shadow a user
mstsc.exe /v:SP2019.ad.bitsadmin.com /shadow:1 /noConsentPrompt
Usecase
Spy on a user’s activity
Mitre Att&ck
T1021.001