[PEN-TEST] Fw: Vulnerabilities in Terminal Services RDP

[yuval yeret <yeret () EMAIL COM>]

hi,

Does anyone have any idea how to go about penetrating a Terminal Services
RDP connection ?

The situation is I have a network which I know has a Terminal Server which
is visible, and all
Terminal Services Clients are on the internal network and don't have any
route to the external networks.

Now I want to get to the internal networks. obviously there are firewalls
between the Server and the clients,
and also the Terminal Server is behind a firewall from the external network.

How can I try to penetrate, and what can I do? just DoS? real harm?

thanks, yuval