mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-02 08:43:27 +08:00
36 lines
1.3 KiB
YAML
36 lines
1.3 KiB
YAML
id: remote-desktop-default-port
|
|
|
|
info:
|
|
name: Remote Desktop Listening Default Port - Detect
|
|
author: asteria121
|
|
severity: info
|
|
description: |
|
|
The Remote Desktop Protocol (RDP) service listens on a default port (TCP 3389), which is commonly targeted by attackers.
|
|
impact: |
|
|
Exposure of the default RDP port (TCP 3389) increases the risk of brute-force attacks and unauthorized access. This can lead to system compromise, data breaches, and ransomware deployment.
|
|
remediation: |
|
|
Change the default RDP listening port to a non-standard port to reduce exposure.
|
|
tags: windows,rdp,audit
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- pre-condition: |
|
|
IsWindows();
|
|
engine:
|
|
- powershell
|
|
- powershell.exe
|
|
args:
|
|
- -ExecutionPolicy
|
|
- Bypass
|
|
pattern: "*.ps1"
|
|
source: |
|
|
$rdpService = Get-Service -Name TermService;
|
|
$rdpPort = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp").PortNumber;
|
|
if ($rdpService.Status -eq 'Running' -and $rdpPort -eq 3389) { Write-Host "True" } else { Write-Host "False" }
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "True"
|
|
# digest: 4a0a0047304502203cf68ab0745eccbb239d22000f87708c3173f59b0f02c50e27b64ae7a6652d0c02210092bd0786242b83434a3f954599cce2f64d78ba54eef35b9686232c67f712dc7f:922c64590222798bb761d5b6d8e72950 |