0x904 Rdp -

socat TCP-LISTEN:2308,fork TCP:10.0.0.100:3389

Standard RDP uses port 3389 (0xD3D). Port 2308 (0x904) is not an official IANA-registered port for RDP. In cybersecurity and system administration, its use with RDP implies port redirection , tunneling , or obfuscation —typically for security evasion or network segmentation. Write-Up: Analysis of RDP on Non-Standard Port 0x904 (2308/TCP) 1. Overview | Attribute | Value | |-----------|-------| | Port number (hex) | 0x904 | | Port number (decimal) | 2308 | | Protocol | TCP (typically) | | Standard service | Unassigned / ephemeral range (IANA) | | Observed use | Alternative port for Microsoft RDP | | Risk context | Evasion, lateral movement, misconfiguration | 0x904 rdp

nmap -p 2308 --script rdp-ntlm-info <target> Or manually: socat TCP-LISTEN:2308,fork TCP:10

| Risk | Impact | |------|--------| | | Pre-authentication RCE, port-agnostic. | | CredSSP oracle (CVE-2018-0886) | Man-in-the-middle or RCE if patching missed. | | Password spraying | Attacker scans 2308 instead of 3389. | | NLA bypass | If Network Level Authentication is disabled. | | Tunnel detection evasion | Logging may ignore non-standard ports. | 5. Forensic Artifacts (If Compromised via 0x904) On a Windows host where RDP was accessed through port 2308: 5.1 Registry Check for custom RDP port: Write-Up: Analysis of RDP on Non-Standard Port 0x904