Hello. I have an RDP with a “Guest” credential that can be accessed by anyone in the world since it has no password. There is a person who apparently is of Russian nationality, I don’t know how he can “log out” without being connected to the RDP, he can even close some programs that I have open while inside. For example, I am in the RDP session and out of nowhere I see how the session closes without me having done anything. No matter how many locking programs you put on him like “ClearLock” and other programs that prevent anyone from touching or moving files, the guy knows how to prevent it.
Checking the RDP connections and ports, I was surprised that the guy was connected to port 445. Then I came to the conclusion that it is not any type of virus nor that the RDP is infected. All of that was discarded. So I thought maybe it’s because it uses some metasploit. I have 5 RDP connections with different IPs and the Russian can only play with the ones that have port 445 open and he can’t do anything with the others.
I tried to do what it supposedly does, I used all kinds of metasploit for RDP and for port 445, but none of them work for me, even though I follow all the steps correctly. Every attempt shows the message “Exploitation completed, but no sessions were created.”
It should be noted that you do not have the Administrator credential, you only have access to the Guest user, which is an account without a password. .
Do any of you know what exactly you do to control an RDP with a “Guest” credential without being inside it? It’s as if you were a remote shell where he can execute commands.