ts::multirdp can be used to enable multiple RDP connections on the target server.

You do not need to patch the RDP service on Windows Servers since multiple RDP connections are allowed,

There are two local administrator users:

  • m3g9tr0n (Local Administrator)

  • hacklab.local\m3g9tr0n (Domain user part of the local administrators group)

mimikatz # privilege::debug
Privilege '20' OK
mimikatz # ts::multirdp
"TermService" service patched

As a result, it is possible to initiate another RDP connection while the other user is already connected.

According to Benjamin Delpy, the multirdp module still works on the following recent versions of Windows:

  • Windows Server 2019 - Windows NT 10.0 build 17763 (arch x64)

  • Windows 10 1909 - Windows NT 10.0 build 18363 (arch x64)

(Demonstration target is a Windows 7, domain joined, workstation.)

Last updated