Skip to content
A proof of concept for the RDP Inception Attack
Branch: master
Clone or download
Vincent Yiu
Vincent Yiu fix?
Latest commit d6670b5 Jun 29, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information. Initial release Jun 29, 2017


As usual, this code and tool should not be used for malicious purposes.


This code is weaponised but with no damage. Do not execute if you are not aware of the consequences or what this code does.


Authored by Vincent Yiu (@vysecurity) of MDSec ActiveBreach


A bat script that will backdoor the host that is mounting drives whilst RDPing into an infected machine. This process repeats if a systems administrator is for example: Laptop -> RDP -> RDP -> RDP -> RDP -> Server.

The intention of this script is to allow security testers and red teamers to obtain code execution in the management network or a segregated part of the network where the target machine cannot communicate back out to the privileged network context.

We have found this attack useful in some of our red team and adversary simulation engagements.

Aggressor Script

  1. Load RDPInception
  2. Run rdpinception command
  3. Select HTTP, HTTPS or DNS beacon that can egress.


  1. Modify batch file to execute PowerShell stager, EXE or even DLL.
  2. Upload to the target, execute.
You can’t perform that action at this time.