I was trying something very simple today on Kali 2016.1 (Kali 2 rolling), passing the hash to an RDP session based on this Kali blog post.

It should have been as simple as apt-get install freerdp-x11 and then the correct command. Again and again though it failed. When I started digging into the help menu, I noticed that the /pth: option wasn't there. The blog states that the newest version supports PTH, but doesn't name that version. The included version will return the following.

[email protected]:~# xfreerdp /version
This is FreeRDP version 1.1.0-beta1 (git n/a)

Somewhere along the rolling train, it appears that an outdated version from prior to the PTH flag was included, not the most recent. Trying to build from git resulted in several minor errors that appear to be incorrect package names. To save myself future hassle, this appears to be the correct short steps to building from source on Kali 2016.1

git clone git://github.com/FreeRDP/FreeRDP.git
cd FreeRDP

apt-get install build-essential git-core cmake xsltproc libssl-dev libx11-dev libxext-dev libxinerama-dev libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev libxrandr-dev libxi-dev libgstreamer-plugins-base1.0-dev libavutil-dev libavcodec-dev

cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON .
make
make install

restart your terminal

[email protected]:~# xfreerdp /version
This is FreeRDP version 2.0.0-dev (git fb63dd2)

Remember, since this relies on the Restricted Admin mode, this will only work against RDP version 8.1 which, I believe, means Server 2012 R2, Windows 8.1, and the like.

Update: 20 June 2016 - As pointed out in the comments below, at least two libraries no longer seem to be available. These would be libgstreamer0.10 and libgstreamer-plugins-base0.10. I see the similarly named packages libgstreamer1.0-0 and libgstreamer-plugins-base1.0-0. I've removed the 0.10 packages from the above dependencies, however, I have not added the similar ones until I receive confirmation that they work.

If anyone has an environment where they can test this and make sure that it functions correctly, please let me know what the outcome is.