.. / mstsc.exe

Connect to the desktop of remote computers

Resources

Sessions

mstsc.exe /v:SP2019.ad.bitsadmin.com /shadow:1 /noConsentPrompt /control

Usecase
Take over when a user is idle

Mitre Att&ck
T1021.001

mstsc.exe /remoteGuard /v:SP2019.ad.bitsadmin.com

Usecases

Connect to a target server
Exfiltrate data over RDP clipboard or \\tsclient drives
If RDP provides access to a different network segment, SocksOverRDP can be used to pivot into that segment

Mitre Att&ck
T1021.001

mstsc.exe /v:SP2019.ad.bitsadmin.com /shadow:1 /noConsentPrompt

Usecase
Spy on a user’s activity

Mitre Att&ck
T1021.001

Updated: 2023-08-25

Contributor: Arris Huijgen (bitsadmin)