FreeRDP
FreeRDP is a free and open-source implementation of the Remote Desktop Protocol (RDP). It allows you to connect to and control Windows systems remotely from Linux, macOS, and other Unix-like systems. FreeRDP provides both a command-line client (xfreerdp) and libraries for developers.
Installation
Section intitulée « Installation »Linux (Debian/Ubuntu)
Section intitulée « Linux (Debian/Ubuntu) »# Install FreeRDP
sudo apt-get update
sudo apt-get install freerdp2-x11
# Install command-line tools
sudo apt-get install freerdp2-bin
# Verify installation
xfreerdp --version
# Install additional tools
sudo apt-get install freerdp2-dev freerdp2-waylandLinux (Fedora/RHEL)
Section intitulée « Linux (Fedora/RHEL) »# Install FreeRDP
sudo dnf install freerdp
# Verify installation
xfreerdp --version# Install via Homebrew
brew install freerdp
# Verify installation
xfreerdp --version
# Optional: GUI client
brew install --cask freerdpAlpine Linux
Section intitulée « Alpine Linux »# Install FreeRDP
apk add freerdp
# Verify
xfreerdp --versionBuild from Source
Section intitulée « Build from Source »# Clone repository
git clone https://github.com/FreeRDP/FreeRDP.git
cd FreeRDP
# Install dependencies
sudo apt-get install build-essential git cmake libssl-dev libx11-dev
# Build and install
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make
sudo make install
# Verify
xfreerdp --versionBasic Connection
Section intitulée « Basic Connection »Simple RDP Connection
Section intitulée « Simple RDP Connection »# Basic connection to Windows server
xfreerdp /v:192.168.1.100
# Connect with username
xfreerdp /v:192.168.1.100 /u:Administrator
# Connect with password
xfreerdp /v:192.168.1.100 /u:Administrator /p:password
# Connect using domain credentials
xfreerdp /v:192.168.1.100 /u:DOMAIN\\username /p:password
# Connect to specific port (default is 3389)
xfreerdp /v:192.168.1.100:3389 /u:AdministratorHostname and Domain Resolution
Section intitulée « Hostname and Domain Resolution »# Connect using hostname
xfreerdp /v:windows-server /u:Administrator
# Use domain credentials
xfreerdp /v:192.168.1.100 /u:DOMAIN\\username
# Alternative domain syntax
xfreerdp /v:192.168.1.100 /d:DOMAIN /u:username
# Connect with UPN format
xfreerdp /v:192.168.1.100 /u:username@domain.comAuthentication Options
Section intitulée « Authentication Options »Username and Password
Section intitulée « Username and Password »# Interactive password prompt
xfreerdp /v:192.168.1.100 /u:Administrator
# Non-interactive (specify password)
xfreerdp /v:192.168.1.100 /u:Administrator /p:MyPassword123
# Empty password
xfreerdp /v:192.168.1.100 /u:Administrator /p:""
# Read password from stdin
echo "MyPassword" | xfreerdp /v:192.168.1.100 /u:Administrator /p:-Smart Card Authentication
Section intitulée « Smart Card Authentication »# Use smart card for authentication
xfreerdp /v:192.168.1.100 /sc
# Specify smart card reader
xfreerdp /v:192.168.1.100 /sc /sc:reader-name
# List available readers
opensc-tool -lNetwork Level Authentication (NLA)
Section intitulée « Network Level Authentication (NLA) »# Enable NLA (enabled by default in many builds)
xfreerdp /v:192.168.1.100 /u:Administrator /nla
# Disable NLA if causing issues
xfreerdp /v:192.168.1.100 /u:Administrator -nla
# Force NLA
xfreerdp /v:192.168.1.100 /u:Administrator /nla:forceDisplay and Resolution
Section intitulée « Display and Resolution »Screen Resolution
Section intitulée « Screen Resolution »# Full screen
xfreerdp /v:192.168.1.100 /f
# Specific resolution (1920x1080)
xfreerdp /v:192.168.1.100 /w:1920 /h:1080
# Common resolutions
xfreerdp /v:192.168.1.100 /w:1024 /h:768
xfreerdp /v:192.168.1.100 /w:1280 /h:1024
xfreerdp /v:192.168.1.100 /w:1920 /h:1200
# Percentage of screen
xfreerdp /v:192.168.1.100 /p:85
# Smart sizing (resize with window)
xfreerdp /v:192.168.1.100 /smart-sizingColor Depth
Section intitulée « Color Depth »# 8-bit color (256 colors)
xfreerdp /v:192.168.1.100 /bpp:8
# 15-bit color
xfreerdp /v:192.168.1.100 /bpp:15
# 16-bit color (65536 colors)
xfreerdp /v:192.168.1.100 /bpp:16
# 24-bit color (16 million colors)
xfreerdp /v:192.168.1.100 /bpp:24
# 32-bit color
xfreerdp /v:192.168.1.100 /bpp:32Display Options
Section intitulée « Display Options »# Disable wallpaper
xfreerdp /v:192.168.1.100 -wallpaper
# Disable window decoration
xfreerdp /v:192.168.1.100 -decoration
# Hide remote window title
xfreerdp /v:192.168.1.100 /wt:"My Session"
# Set window title
xfreerdp /v:192.168.1.100 /wt:"Production Server"Drive and Resource Redirection
Section intitulée « Drive and Resource Redirection »Drive Redirection
Section intitulée « Drive Redirection »# Redirect home directory
xfreerdp /v:192.168.1.100 /drive:home,/home/user
# Redirect specific directory
xfreerdp /v:192.168.1.100 /drive:shared,/mnt/shared
# Redirect multiple drives
xfreerdp /v:192.168.1.100 /drive:home,/home/user /drive:data,/data
# Redirect entire home
xfreerdp /v:192.168.1.100 /drive:home,/home
# Make drive read-only
# Note: Use separate sessions or check FreeRDP version capabilitiesClipboard Redirection
Section intitulée « Clipboard Redirection »# Enable clipboard sharing (often default)
xfreerdp /v:192.168.1.100 /clipboard
# Disable clipboard
xfreerdp /v:192.168.1.100 -clipboard
# Clipboard in both directions
xfreerdp /v:192.168.1.100 /clipboard +clipboardAudio Redirection
Section intitulée « Audio Redirection »# Redirect audio to local system
xfreerdp /v:192.168.1.100 /audio
# Specify audio driver
xfreerdp /v:192.168.1.100 /audio:sys:pulse
# Disable audio
xfreerdp /v:192.168.1.100 -audio
# Record audio remotely only
xfreerdp /v:192.168.1.100 /audio-mode:1Printer Redirection
Section intitulée « Printer Redirection »# Redirect printers
xfreerdp /v:192.168.1.100 /printer
# Redirect specific printer
xfreerdp /v:192.168.1.100 /printer:HP-Printer
# Disable printer redirection
xfreerdp /v:192.168.1.100 -printerUSB Redirection
Section intitulée « USB Redirection »# Redirect USB device by vendor:product ID
xfreerdp /v:192.168.1.100 /usb:id=1234:5678
# Redirect all USB devices
# Note: May require additional FreeRDP build with USB support
xfreerdp /v:192.168.1.100 /usb-device:*Gateway and Network
Section intitulée « Gateway and Network »RDP Gateway (RDG)
Section intitulée « RDP Gateway (RDG) »# Connect through RDP Gateway
xfreerdp /v:internal-server /gw:gateway.example.com /u:Administrator
# Specify gateway username
xfreerdp /v:internal-server /gw:gateway.example.com /gu:gateway-user /gp:gateway-pass
# Gateway with domain
xfreerdp /v:internal-server /gw:gateway.example.com /gd:DOMAIN /gu:username
# Disable gateway
xfreerdp /v:192.168.1.100 /nogwVPN and Proxy
Section intitulée « VPN and Proxy »# Connect through standard port
xfreerdp /v:192.168.1.100:3389
# Non-standard RDP port
xfreerdp /v:192.168.1.100:13389
# Via SSH tunnel (set up separately)
# ssh -L 3389:192.168.1.100:3389 proxy-host
xfreerdp /v:localhost:3389
# Multiple server connection (some versions)
xfreerdp /v:vpn-gateway /u:AdministratorSecurity and Encryption
Section intitulée « Security and Encryption »TLS and Certificate Handling
Section intitulée « TLS and Certificate Handling »# Accept self-signed certificates
xfreerdp /v:192.168.1.100 /cert-ignore
# Verify certificate
xfreerdp /v:192.168.1.100 /cert-name:server.example.com
# Specify certificate file
xfreerdp /v:192.168.1.100 /cert:~/certs/server.pem
# Require certificate validation
xfreerdp /v:192.168.1.100 /cert-tofuEncryption Options
Section intitulée « Encryption Options »# Force RDP Security Layer
xfreerdp /v:192.168.1.100 /sec:rdp
# Force TLS Security Layer
xfreerdp /v:192.168.1.100 /sec:tls
# Force Negotiate (Kerberos/NTLM)
xfreerdp /v:192.168.1.100 /sec:nla
# Allow all supported methods
xfreerdp /v:192.168.1.100 /sec:*Encryption Strength
Section intitulée « Encryption Strength »# Standard encryption
xfreerdp /v:192.168.1.100 /encryption-level:client
# High encryption
xfreerdp /v:192.168.1.100 /encryption-level:high
# FIPS encryption
xfreerdp /v:192.168.1.100 /encryption-level:fipsPerformance Options
Section intitulée « Performance Options »Bandwidth Optimization
Section intitulée « Bandwidth Optimization »# Disable desktop wallpaper
xfreerdp /v:192.168.1.100 -wallpaper
# Disable visual styles
xfreerdp /v:192.168.1.100 -themes
# Disable menu animations
xfreerdp /v:192.168.1.100 -anim
# Disable smooth scrolling
xfreerdp /v:192.168.1.100 -menu-anims
# Disable window contents
xfreerdp /v:192.168.1.100 -window-dragNetwork Performance
Section intitulée « Network Performance »# Use compression
xfreerdp /v:192.168.1.100 /compression
# Specify compression algorithm
xfreerdp /v:192.168.1.100 /compression:on
# Disable compression
xfreerdp /v:192.168.1.100 -compression
# Reduce color depth for bandwidth
xfreerdp /v:192.168.1.100 /bpp:16
# Slower network (adjust settings)
xfreerdp /v:192.168.1.100 -wallpaper -themes /bpp:16 /compressionLatency and Input
Section intitulée « Latency and Input »# Enable mouse motion
xfreerdp /v:192.168.1.100 /motion
# Disable mouse motion (faster)
xfreerdp /v:192.168.1.100 -motion
# Relative mouse movement
xfreerdp /v:192.168.1.100 /mouse-motionCommon Penetration Testing Uses
Section intitulée « Common Penetration Testing Uses »Pass-the-Hash (PTH) RDP
Section intitulée « Pass-the-Hash (PTH) RDP »# Requires compatible FreeRDP build or Restricted Admin mode
# Connect using NTLM hash instead of password
xfreerdp /v:192.168.1.100 /u:Administrator /pth:E52CAC67419A6A2342BB43AB6BD5C81F
# With domain
xfreerdp /v:192.168.1.100 /u:DOMAIN\\Administrator /pth:HASH
# Verify hash format (LM:NT hash)
xfreerdp /v:192.168.1.100 /u:user /pth:LM_HASH:NT_HASHRestricted Admin Mode
Section intitulée « Restricted Admin Mode »# Enable Restricted Admin for pass-the-hash
xfreerdp /v:192.168.1.100 /restrictedadmin
# Combine with credentials
xfreerdp /v:192.168.1.100 /u:Administrator /restrictedadminSession Hijacking Testing
Section intitulée « Session Hijacking Testing »# Connect as specific user
xfreerdp /v:192.168.1.100 /u:Administrator
# Monitor active sessions
# Run inside RDP: Get-Process (PowerShell)
# Attempt connection with different credentials
xfreerdp /v:192.168.1.100 /u:DOMAIN\\userLateral Movement
Section intitulée « Lateral Movement »# Initial compromise
xfreerdp /v:gateway-host /u:compromised-user
# Connect to internal server through gateway
xfreerdp /v:internal-server /gw:gateway-host /gu:compromised-user
# Chain RDP connections
# First connection
xfreerdp /v:192.168.1.100
# From within RDP, run another xfreerdp for second system
# xfreerdp /v:192.168.1.200Advanced Configuration
Section intitulée « Advanced Configuration »Combined Options Example
Section intitulée « Combined Options Example »# Comprehensive secure connection
xfreerdp \
/v:192.168.1.100 \
/u:DOMAIN\\Administrator \
/nla \
/w:1920 /h:1080 \
/bpp:24 \
/drive:home,/home/user \
/clipboard \
/audio \
/compression \
/cert-ignore
# Lightweight connection for slow network
xfreerdp \
/v:192.168.1.100 \
/u:Administrator \
/w:1024 /h:768 \
/bpp:16 \
-wallpaper -themes -menu-anims \
/compression
# High-security lab testing
xfreerdp \
/v:192.168.1.100 \
/u:Administrator \
/sec:nla \
/cert-ignore \
/restrictedadminConfiguration Files
Section intitulée « Configuration Files »# Create connection profile
cat > ~/.freerdp/profile.rdp << EOF
server=192.168.1.100
username=Administrator
domain=DOMAIN
resolution=1920x1080
color-depth=24
drive=home,/home/user
audio=on
compression=on
EOF
# Use profile
xfreerdp ~/.freerdp/profile.rdpTroubleshooting
Section intitulée « Troubleshooting »Connection Issues
Section intitulée « Connection Issues »# Test connectivity
ping 192.168.1.100
# Check RDP port
telnet 192.168.1.100 3389
# Enable verbose output
xfreerdp /v:192.168.1.100 /v:3
# Debug mode
xfreerdp /v:192.168.1.100 /log-level:debugCommon Errors
Section intitulée « Common Errors »| Error | Solution |
|---|---|
| Connection refused | Check RDP port, enable RDP on target |
| Authentication failed | Verify credentials, check NLA settings |
| Timeout | Check firewall, routing, gateway |
| Certificate error | Use /cert-ignore or verify certificate |
| Display issues | Adjust resolution, reduce color depth |
Performance Issues
Section intitulée « Performance Issues »# Reduce visual effects
xfreerdp /v:192.168.1.100 -wallpaper -themes /bpp:16
# Enable compression
xfreerdp /v:192.168.1.100 /compression
# Use lower resolution
xfreerdp /v:192.168.1.100 /w:1024 /h:768
# Check local system resources
top
free -hResources and Help
Section intitulée « Resources and Help »Getting Help
Section intitulée « Getting Help »# List all available options
xfreerdp --help
# Show detailed option help
xfreerdp --help-options
# Show channel options
xfreerdp --help-channels
# Version information
xfreerdp --version
# Configuration examples
man xfreerdpOfficial Links
Section intitulée « Official Links »# GitHub repository
# https://github.com/FreeRDP/FreeRDP
# Wiki and documentation
# https://github.com/FreeRDP/FreeRDP/wiki
# Issue tracker
# https://github.com/FreeRDP/FreeRDP/issues