nothing@nowhere - 2021-07-08

xrdp Setup

In this tutorial we're going to look at how to set up xrdp on a Kali VM.

Initial Setup

So I currently have a VM running Kali Linux at the local IP 10.77.77.77.

My current issue is that, for some reason, I cannot get this machine to copy and paste in and out, even with VMware's poorly made VMware Tools implementation on Debian-based VMs. I therefore decided to install RDP on it, because I know that this will work. RDP is very easy to install on Linux. The first step is to get the xrdp package:


[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ apt search xrdp
Sorting... Done
Full Text Search... Done
libxrdposix3/kali-rolling 5.0.3-4 amd64
  Posix interface library for xrootd

xorgxrdp/kali-rolling,now 1:0.2.12-1 amd64 [installed,automatic]
  Remote Desktop Protocol (RDP) modules for X.org

xrdp/kali-rolling,now 0.9.12-1.1 amd64 [installed]
  Remote Desktop Protocol (RDP) server


[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ apt install xrdp -y
	

And then we simply start it with systemctl:


[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ sudo systemctl enable --now xrdp
Synchronizing state of xrdp.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable xrdp
Created symlink /etc/systemd/system/multi-user.target.wants/xrdp.service → /lib/systemd/system/xrdp.service.
	
[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ systemctl status xrdp
● xrdp.service - xrdp daemon
     Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2021-07-08 18:00:03 CEST; 12min ago
       Docs: man:xrdp(8)
             man:xrdp.ini(5)
   Main PID: 39814 (xrdp)
      Tasks: 1 (limit: 4597)
     Memory: 772.0K
        CPU: 12.854s
     CGroup: /system.slice/xrdp.service
             └─39814 /usr/sbin/xrdp

[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ netstat -alntup | grep 3389
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::3389                 :::*                    LISTEN      -

Now that we have enabled the xrdp service, we can test it out. I will connect to my Kali VM using an RDP client called Remmina; on Debian or Arch you install it as follows:


[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ sudo apt install remmina

[ 10.66.66.2/24 ] [ /dev/pts/1 ] [~/HTB]
→ sudo pacman -S remmina
	

It's fairly popular, so it shouldn't be a problem to find it in most repositories. After starting Remmina, we add an RDP host to connect to.

Once we connect, however, we see that we are not getting into i3, but rather XFCE, the other DE that's on Kali by default.

So in order to fix that, we edit /etc/xrdp/startwm.sh


[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ sudo vim /etc/xrdp/startwm.sh

[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ cat /etc/xrdp/startwm.sh
#!/bin/sh
# xrdp X session start script (c) 2015, 2017 mirabilos
# published under The MirOS Licence

if test -r /etc/profile; then
        . /etc/profile
fi

if test -r /etc/default/locale; then
        . /etc/default/locale
        test -z "${LANG+x}" || export LANG
        test -z "${LANGUAGE+x}" || export LANGUAGE
        test -z "${LC_ADDRESS+x}" || export LC_ADDRESS
        test -z "${LC_ALL+x}" || export LC_ALL
        test -z "${LC_COLLATE+x}" || export LC_COLLATE
        test -z "${LC_CTYPE+x}" || export LC_CTYPE
        test -z "${LC_IDENTIFICATION+x}" || export LC_IDENTIFICATION
        test -z "${LC_MEASUREMENT+x}" || export LC_MEASUREMENT
        test -z "${LC_MESSAGES+x}" || export LC_MESSAGES
        test -z "${LC_MONETARY+x}" || export LC_MONETARY
        test -z "${LC_NAME+x}" || export LC_NAME
        test -z "${LC_NUMERIC+x}" || export LC_NUMERIC
        test -z "${LC_PAPER+x}" || export LC_PAPER
        test -z "${LC_TELEPHONE+x}" || export LC_TELEPHONE
        test -z "${LC_TIME+x}" || export LC_TIME
        test -z "${LOCPATH+x}" || export LOCPATH
fi

if test -r /etc/profile; then
        . /etc/profile
fi

#test -x /etc/X11/Xsession && exec /etc/X11/Xsession
#exec /bin/sh /etc/X11/Xsession
exec /usr/bin/i3

[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ sudo systemctl restart xrdp

[ 10.77.77.77/24 ] [ /dev/pts/1 ] [~/HTB]
→ sudo systemctl status xrdp
● xrdp.service - xrdp daemon
     Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2021-07-08 18:19:00 CEST; 4s ago
       Docs: man:xrdp(8)
             man:xrdp.ini(5)
    Process: 168045 ExecStartPre=/bin/sh /usr/share/xrdp/socksetup (code=exited, status=0/SUCCESS)
    Process: 168053 ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 168054 (xrdp)
      Tasks: 1 (limit: 4597)
     Memory: 760.0K
        CPU: 18ms
     CGroup: /system.slice/xrdp.service
             └─168054 /usr/sbin/xrdp

Here you can see that I just edited the last part of /etc/xrdp/startwm.sh to execute i3 instead of the default Xsession. Now when we test it we get the following:

And that's it! We managed to connect to a VM via RDP and spawn a non-default DE to navigate it.
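
The netstat check earlier in this tutorial shows xrdp bound to :::3389, the IPv6 wildcard address, so the RDP login is offered on every interface of the VM. The following added example (not part of the original tutorial) classifies listener lines like that one; the function names and all sample lines except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): classify what a listening
# RDP socket is bound to, from `netstat -lnt` or `ss -lnt` style lines.

# classify_bind ADDR:PORT -> prints wildcard | loopback | specific
classify_bind() {
    addr=${1%:*}    # drop the trailing :port, keeping any IPv6 colons
    case "$addr" in
        '*'|0.0.0.0|::|'[::]')  echo wildcard ;;
        127.*|::1|'[::1]')      echo loopback ;;
        *)                      echo specific ;;
    esac
}

# audit_rdp_listeners [PORT] < listing
# Prints "<class> <local-address>" for each LISTEN line on PORT and exits
# non-zero if any listener is bound to a wildcard address.
# The ( ) body keeps `set -f` (no globbing of "*" fields) local to the call.
audit_rdp_listeners() (
    set -f
    port=${1:-3389}
    rc=0
    while read -r line; do
        case "$line" in *LISTEN*) ;; *) continue ;; esac
        for field in $line; do
            case "$field" in
                *:"$port")
                    class=$(classify_bind "$field")
                    echo "$class $field"
                    if [ "$class" = wildcard ]; then rc=1; fi
                    break ;;
            esac
        done
    done
    exit "$rc"
)

# Constructed sample input: the first line mirrors the netstat output shown
# earlier, the others are made-up variants for comparison.
sample_listing() {
    cat <<'EOF'
tcp6       0      0 :::3389                 :::*                    LISTEN      -
tcp        0      0 127.0.0.1:3389          0.0.0.0:*               LISTEN      -
tcp        0      0 10.77.77.77:3389        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
EOF
}

sample_listing | audit_rdp_listeners 3389 ||
    echo "at least one listener on 3389 accepts connections on every interface"
```

On a live system, feed it real output, for example `sudo netstat -lnt | audit_rdp_listeners`. If a wildcard listener is not what you want, the `port` setting documented in xrdp.ini(5) or a host firewall rule can narrow it.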
