Home

Awesome

DISCLAIMER

The BOF is currently only compatible with the latest version of TrustedSec's COFFLoader. Please read their blog for the details.

ShadowRDP

This repository contains two applications. One is a beacon object file, which is used to retrieve the authentication string, also known as the invitation. The other is a graphical user interface program that can be run on the operator's system behind a SOCKS proxy to connect to the remote desktop session.

BOF Usage

shadowrdp <HOSTNAME> [<control>|<view>] <SESSIONID> [<NTLM>|<KERBEROS>]

Resources

Using RPC in BOFs

ShadowRDP client

MS-TSTS protocol documentation

MS-RAI protocol documentation