
Hacking 💻 RDG, RDP, and RDS – What's the Difference and How They're Used in Offensive & Defensive Cybersecurity

dEEpEst

🔐 Post created for the Hack Tools Dark Community

Topic: RDG, RDP, and RDS – What's the Difference and How They're Used in Offensive & Defensive Cybersecurity

• RDP (Remote Desktop Protocol):
A Microsoft protocol that allows a user to connect to another computer over a network connection using a graphical interface. Common in enterprise environments, it's often a target for brute-force attacks and lateral movement.

Example usage:
Bash:
xfreerdp /u:user /p:password /v:192.168.1.10

⚠️ Common Attack Vectors:
  • Brute force (Hydra, Ncrack)
  • Credential stuffing (leaked combos)
  • Exploiting RDP vulnerabilities (e.g., BlueKeep CVE-2019-0708)

• RDS (Remote Desktop Services):
A role in Windows Server allowing multiple users to access Windows desktops and applications remotely. Often used in terminal server setups or VDI environments.

Features:
  • Session Host
  • Connection Broker
  • Licensing Server
  • RD Gateway (→ RDG)

• RDG (Remote Desktop Gateway):
A component that allows secure RDP connections over HTTPS. It acts as a proxy between RDP clients and internal resources, usually hardened and requiring authentication.

💀 Red Team Use Case:
  • Use of stolen credentials to bypass RDG
  • Tunneling RDP via HTTPS to evade network detection
  • Exploitation of misconfigured RD Gateway settings

🧠 Blue Team Countermeasures:
  • Enforce MFA on RDG
  • Use network-level authentication (NLA)
  • Monitor logs for abnormal RDP activity
  • Restrict access to known IPs via firewall

🛠 Useful Tools:
  • Hydra / Ncrack – brute-force RDP
  • rdpscan – BlueKeep scanner
  • CrowdStrike RDP detection rules – threat hunting
  • xFreeRDP / rdesktop – Linux RDP clients
  • Metasploit modules – for RDP exploitation

🧪 Want to test this?
You can set up a lab using:
Bash:
VBox + Windows Server + RDS role
Kali Linux + Hydra/Ncrack

⚠️ Disclaimer: This post is for educational and ethical research purposes only. Do NOT use these techniques on unauthorized systems.

💬 Join the discussion:
Have you ever bypassed an RDG in a pentest? What techniques did you use to enumerate exposed RDPs? Share your experience below!
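
Added example (not part of the original post): one way to implement the "Monitor logs for abnormal RDP activity" countermeasure listed above, by scanning Windows Security logon events for bursts of failed RDP logons per source IP and for a successful logon that follows such a burst. The CSV layout, thresholds, function names and sample records are assumptions constructed for illustration; event IDs 4625/4624 and logon types 3/10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, EventID, LogonType, source IP, account.
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RemoteInteractive;
# with NLA enabled, failed RDP logons are recorded as type 3 (Network).
SAMPLE = """\
2024-05-01T10:00:01,4625,3,203.0.113.7,admin
2024-05-01T10:00:03,4625,3,203.0.113.7,administrator
2024-05-01T10:00:05,4625,3,203.0.113.7,backup
2024-05-01T10:00:08,4625,3,203.0.113.7,svc_sql
2024-05-01T10:00:11,4625,3,203.0.113.7,jsmith
2024-05-01T10:00:15,4624,10,203.0.113.7,jsmith
2024-05-01T10:02:00,4625,10,198.51.100.20,alice
2024-05-01T10:30:00,4624,10,198.51.100.20,alice
"""

def parse(text):
    """Yield (time, event_id, logon_type, ip, user) from the assumed CSV layout."""
    for line in text.strip().splitlines():
        ts, eid, ltype, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user.lower()

def detect(text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (kind, source_ip, detail) tuples, in time order."""
    fails = defaultdict(deque)  # ip -> failures still inside the sliding window
    alerted, alerts = set(), []
    for ts, eid, ltype, ip, user in sorted(parse(text)):
        if ltype not in (3, 10):  # type 3 also covers non-RDP network logons,
            continue              # so feed this only logs from RDP/RDG hosts
        q = fails[ip]
        while q and ts - q[0][0] > window:  # expire failures older than window
            q.popleft()
        if eid == 4625:
            q.append((ts, user))
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                users = {u for _, u in q}
                # Many distinct accounts suggests credential stuffing or spraying;
                # one account hit repeatedly suggests brute force.
                kind = "many_accounts" if len(users) > len(q) // 2 else "single_account"
                alerts.append((kind, ip, len(users)))
        elif eid == 4624 and len(q) >= threshold:
            # A logon succeeded right after a failure burst from the same source.
            alerts.append(("success_after_failures", ip, user))
            q.clear()
    return alerts
```

The `success_after_failures` alert is the one to triage first, since it indicates a guessed or stuffed credential may have worked.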
 