```
socat TCP-LISTEN:2308,fork TCP:10.0.0.100:3389
```

```
nmap -p 2308 --script rdp-ntlm-info <target>
```

Or manually:
Standard RDP uses port 3389 (0xD3D). Port 2308 (0x904) is not an official IANA-registered port for RDP. In cybersecurity and system administration, its use with RDP implies port redirection, tunneling, or obfuscation, typically for security evasion or network segmentation.

# Write-Up: Analysis of RDP on Non-Standard Port 0x904 (2308/TCP)

## 1. Overview

| Attribute | Value |
|-----------|-------|
| Port number (hex) | 0x904 |
| Port number (decimal) | 2308 |
| Protocol | TCP (typically) |
| Standard service | Unassigned / ephemeral range (IANA) |
| Observed use | Alternative port for Microsoft RDP |
| Risk context | Evasion, lateral movement, misconfiguration |
When RDP is found listening on 0x904, it is almost always the result of an intentional configuration change, a port forward, or a tunnel (e.g., SSH, stunnel, or a reverse proxy). Administrators or attackers may move RDP from 3389 to 0x904 for the following reasons:

| Reason | Explanation |
|--------|-------------|
| | Bots scan 3389; 2308 is less targeted. |
| Bypass port-based firewalls | Outbound 3389 may be blocked; 2308 may be allowed. |
| Multiple RDP instances | Hosting several RDP sessions on different ports (e.g., 3389, 2308, 3390). |
| Tunneling over HTTPS/SSH | Local forward: `ssh -L 2308:localhost:3389 user@host` makes RDP appear on 0x904. |
| Red team lateral movement | Using netsh portproxy or socat to pivot through a compromised host. |

## 3. Detection & Fingerprinting

### 3.1 Banner Grabbing

Connect to port 2308 and observe response:

| Risk | Impact |
|------|--------|
| | Pre-authentication RCE, port-agnostic. |
| CredSSP oracle (CVE-2018-0886) | Man-in-the-middle or RCE if patching missed. |
| Password spraying | Attacker scans 2308 instead of 3389. |
| NLA bypass | If Network Level Authentication is disabled. |
| Tunnel detection evasion | Logging may ignore non-standard ports. |

## 5. Forensic Artifacts (If Compromised via 0x904)

On a Windows host where RDP was accessed through port 2308:

### 5.1 Registry

Check for custom RDP port:
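For the registry check in section 5.1, an added PowerShell example (not part of the original write-up) that reads the configured RDP port, lists persisted `netsh portproxy` rules, and names the process listening on the port. It assumes 2308 is the port under investigation; the function name `Get-RdpPortTriage` is hypothetical.

```powershell
# Added example, not from the original write-up.
# Assumption: 2308 (0x904) is the port under investigation.
function Get-RdpPortTriage {
    param([int]$SuspectPort = 2308)
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. Port the native RDP listener is configured for (default 3389).
    $rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber -ErrorAction Stop).PortNumber
    $findings.Add([pscustomobject]@{
        Check = 'RDP-Tcp PortNumber'
        Value = ('{0} (0x{0:X})' -f $port)
        Flag  = ($port -ne 3389)
    })

    # 2. netsh portproxy rules persist as registry values:
    #    name = listenaddress/listenport, data = connectaddress/connectport.
    $ppKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
    if (Test-Path $ppKey) {
        $key = Get-Item -Path $ppKey
        foreach ($name in $key.GetValueNames()) {
            $target = [string]$key.GetValue($name)
            $findings.Add([pscustomobject]@{
                Check = 'portproxy v4tov4 rule'
                Value = "$name -> $target"
                Flag  = (($name -match "/$SuspectPort`$") -or ($target -match '/3389$'))
            })
        }
    }

    # 3. Process that owns a listener on the suspect port. The RDP service and
    #    portproxy both run inside svchost; any other owner (ssh, socat, ...)
    #    indicates a user-mode forwarder.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $SuspectPort -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add([pscustomobject]@{
            Check = "listener on $($l.LocalAddress):$SuspectPort"
            Value = ('{0} (PID {1})' -f $proc.ProcessName, $l.OwningProcess)
            Flag  = ($proc.ProcessName -ne 'svchost')
        })
    }
    $findings
}

Get-RdpPortTriage | Format-Table -AutoSize
```

Rows with `Flag` set to `True` are the ones to follow up: a `PortNumber` other than 3389, a portproxy rule that listens on the suspect port or forwards to 3389, or a non-svchost process holding the listener.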