Note

RDP typically runs on port 3389.

Nmap scan

nmap -sV -sC 10.129.201.248 -p3389 --script "rdp*"
# Use --packet-trace to identify EDRs
nmap -sV -sC 10.129.201.248 -p3389 --packet-trace --disable-arp-ping -n

HTB Cheatsheet

| Command | Description |
| --- | --- |
| `./rdp-sec-check.pl 10.129.201.248` | RDP Security Check. GitHub link. |
| `xfreerdp /u:USERNAME /p:"PASSWORD" /v:10.129.201.248` | Initiate RDP session. |
| `sqlplus <user>/<pass>@<FQDN/IP>/<db>` | Log in to the Oracle database. |
| `./odat.py utlfile -s <FQDN/IP> -d <db> -U <user> -P <pass> --sysdba --putFile C:\\insert\\path file.txt ./file.txt` | Upload a file to a web server (to test for reverse shells). |

You should check Footprinting Theory 🌚 to get further knowledge.