rdp

Overview ¶

Package rdp implements pentest operations for the Remote Desktop Protocol (RDP).

This file provides PerformAuthentication, which attempts credentialed authentication against an RDP target.

Implementation status (v1 limitation) ¶

Full RDP NLA authentication requires a complete CredSSP (Credential Security Support Provider) stack: SPNEGO token exchange carrying NTLMv2 messages over a TLS-wrapped X.224 channel, followed by a TSPasswordCreds ASN.1/BER-encoded payload encrypted with an NTLM session key. This multi-round stateful protocol is non-trivial to implement correctly and is outside the scope of this v1 release.

For now, PerformAuthentication performs the X.224 PROBE first to establish reachability and determine the server's required protocol, then emits one AuthAttempt per credential pair with Success=false and a descriptive Message explaining that CredSSP NLA auth is not yet implemented. Callers can use the probe's ServerInfo (particularly NlaRequired, SelectedProtocol) to decide whether to forward the target to a different tool or to wait for a v2 implementation.

TODO(v2): Implement full CredSSP handshake using NTLMv2 SPNEGO tokens to support authenticated RDP testing against NLA-required targets.

Package rdp implements pentest operations for the Remote Desktop Protocol (RDP).

This file provides PerformProbe, which performs unauthenticated X.224 negotiation on TCP port 3389 (or a caller-specified port), extracts the server's protocol negotiation response, and — when the selected protocol permits TLS — upgrades the connection to TLS to extract the NLA certificate metadata.

The probe result is suitable for populating the RdpApplication ontology node.

Package rdp implements pentest operations for the Remote Desktop Protocol (RDP).

This file provides RunPentest, the top-level orchestrator that iterates over targets and dispatches PROBE and AUTH actions in the correct phased order, mirroring the SMB phased approach in internal/pentest/smb/run.go.