when you connect over rdp it pops a 30 sec window saying ok or cancel that another user is logging in it isn't very sneaky the way this is setup. if someone knows a better sneakier method it could be interesting as i noted my intent was legit usage for system repairs. my testing was performed on 2 windows 10 pro systems but i did add some older commands that should work with older versions of windows as far back as xp they remain untested.
Vert,
Mimikatz can patch RDP services in real time to allow multi users to connect, and I don't think it notifies the other user at all. It would be neat to run Mimikatz first if you've already got admin privs, extract users cleartext pw out of memory, and RDP as the same user to try to fly a bit more under the radar.
enable admin & rdp payload (Completed)
in Bash Bunny
Posted
Vert,
Mimikatz can patch RDP services in real time to allow multi users to connect, and I don't think it notifies the other user at all. It would be neat to run Mimikatz first if you've already got admin privs, extract users cleartext pw out of memory, and RDP as the same user to try to fly a bit more under the radar.
Invoke-Mimikatz -Command 'privilege::debug ts::multirdp exit'