I’ve noticed that the search engine Shodan grabs screenshots from hosts running an RDP service, even if they offer a certificate.
To my understanding, the certificate is used to authenticate the server and encrypt the traffic sent and received (exactly like they are used in HTTPS), and thus should be irrelevant to the protection of hosts exposing RDP to the internet, but when I try to connect to such a service using xfreerdp, I get prompted for a password before I get to where the screenshot was taken, and then the error message:
freerdp_set_last_error ERRCONNECT_LOGON_FAILURE [0x00020014].
I read that Shodan does not try passwords; it just grabs screenshots from accessible targets without credentials. How is Shodan able to grab such screenshots? Or what does xfreerdp do instead of launching the RDP display?