Is it possible to be injected through an RDP connection?



#1

some1onetwo

Hi,

so let's say I connect from my PC to a server I bought from a "sketchy" person, is it possible that my PC will get infected through the RDP connection?

Because recently on one of my VMs something created a random admin user account on it and basically locked me out until I did a Windows 7 ISO boot and reset the password with cmd.

The thing is, I am really cautious of everything; the only possible source for this I can imagine is either the RDP connection or an infected proxy server I used that redirected me to an infected page.

I don't even exactly know if it was an infection, but a random admin user account that I've never heard of shouldn't pop out of nowhere and lock me out, right?

The most important question is in the headline, because right now I'm really paranoid about connecting to a server through RDP. Is that justified?



#2

xpow

Yes, it is possible to be infected, but there are many possibilities to avoid infection.

* The RDP that you use is the most important


Edited by xpow, 07 May 2018 - 04:45 AM.


#3

Logerlala

Yes, it is possible. Many people leave a specific port open, waiting for someone to "hack" them... then it all comes back at them.



#4

some1onetwo

> Yes, it is possible. Many people leave a specific port open, waiting for someone to "hack" them... then it all comes back at them.

So how do I prevent it? Does running RDP in Sandboxie help?



#5

Logerlala

> So how do I prevent it? Does running RDP in Sandboxie help?

Yes, it does. Because Sandboxie creates a different area in memory which can't access the real memory, it is like a "virtual" memory. So, if you'd run the RDP through Sandboxie, I don't see any problems. (There are ways to bypass Sandboxie, though it'd be a pretty hard job and I don't think that's the case.)



#6

some1onetwo

> Yes, it does. Because Sandboxie creates a different area in memory which can't access the real memory, it is like a "virtual" memory. So, if you'd run the RDP through Sandboxie, I don't see any problems. (There are ways to bypass Sandboxie, though it'd be a pretty hard job and I don't think that's the case.)

What exactly is a "Meterpreter"? Do you know that by chance?

Because someone hinted at that but I don't really know about it.



#7

kesilchen

Yes, it works, and try running it in a virtual machine; this should help.

