Full Disclosure mailing list archives
RE:XP Remote Desktop Remote Activation
From: "RandallM" <randallm () fidmail com>
Date: Sat, 2 Oct 2004 12:56:24 -0500
Would access to command shell be accomplished via the recent ZoneID hole if
such Administration password access is not available? Or perhaps even with
the launching of the MS04-028 exploit? Of course any Terminal usage on home
PCs is noticed because users are locked out. Now terminal servers are a
different story but user intervention is still needed.

Thank you
Randall M

<|>--__--__--
<|>
<|>Message: 3
<|>Date: Fri, 1 Oct 2004 23:50:45 -0500
<|>From: Fixer <fixer907 () gmail com>
<|>Reply-To: Fixer <fixer907 () gmail com>
<|>To: full-disclosure () lists netsys com
<|>Subject: [Full-disclosure] XP Remote Desktop Remote Activation
<|>
<|>XP Remote Desktop Remote Activation
<|>
<|>
<|>Information
<|>____________________________________________________________________
<|>Windows XP Professional provides a service called Remote Desktop,
<|>which allows a user to remotely control the desktop as if he or she
<|>were in front of the system locally (ala VNC, pcAnywhere, etc.).
<|>
<|>By default, Remote Desktop is shipped with this service turned off and
<|>only the Administrator is allowed access to this service. It is
<|>possible, however, to modify a series of registry keys that may allow
<|>a malicious user who has already gained a command shell to activate
<|>Remote Desktop and add a user they have created for themselves as well
<|>as to hide that user so that it will not show up as a user in the
<|>Remote Desktop user list. The instructions for this are attached.
<|>Additionally, I have listed a sample .reg file of the type that is
<|>discussed in the instructions below.
<|>_____________________________________________________________________
<|>
<SNIP>
<|>--__--__--
<|>
<|>Message: 6
<|>From: "Dominick Baier" <seclists () leastprivilege com>
<|>To: "'Fixer'" <fixer907 () gmail com>,
<|><full-disclosure () lists netsys com>
<|>Subject: RE: [Full-disclosure] XP Remote Desktop Remote Activation
<|>Date: Sat, 2 Oct 2004 17:43:11 +0200
<|>
<|>If you have an administrator password for the machine you can just use
<|>WMIC to turn remote desktop on.
<|>
<|>wmic /NODE:Server /USER:administrator RDTOGGLE WHERE ServerName="Server" CALL SetAllowTSConnections 1
<|>
<|>End of Full-Disclosure Digest
<|>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
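
An added example, not part of the original posts: a defender's check that flags the WMIC invocation quoted in Dominick Baier's reply when it shows up in process-creation logs. The log records, host names and the `find_rdp_toggles` function are constructed for illustration; the (host, command line) record shape is an assumption about how your logging exposes the data.

```python
import re

# Constructed sample process-creation records (host, command line); not real logs.
SAMPLE_EVENTS = [
    ("WS-014", r'wmic /NODE:Server /USER:administrator RDTOGGLE WHERE '
               r'ServerName="Server" CALL SetAllowTSConnections 1'),
    ("WS-014", r'C:\Windows\System32\wbem\WMIC.exe /node:"fs01" rdtoggle where '
               r'servername="fs01" call setallowtsconnections 0'),
    ("WS-022", r'wmic os get caption'),
    ("WS-031", r'"C:\Windows\System32\wbem\wmic.exe"   /node:10.0.0.5 RDTOGGLE '
               r'WHERE ServerName="x" CALL SetAllowTSConnections   1'),
    ("WS-040", r'findstr /i rdtoggle C:\scripts\notes.txt'),
]

# wmic as the executable: bare, full path, or quoted path, followed by whitespace.
WMIC = re.compile(r'(?i)(?:^|[\\/"\s])wmic(?:\.exe)?"?(?=\s)')
# The RDTOGGLE alias followed by the method call and its numeric argument.
CALL = re.compile(r'(?i)\brdtoggle\b.*?\bcall\s+SetAllowTSConnections\b[\s(]*(\d+)')
# Global switches of interest, with or without quotes around the value.
SWITCH = re.compile(r'(?i)/(node|user):\s*"?([^"\s]+)')


def find_rdp_toggles(events):
    """Return one finding per WMIC call that changes the Remote Desktop setting."""
    findings = []
    for host, cmdline in events:
        if not WMIC.search(cmdline):
            continue                      # some other process mentioning the alias
        call = CALL.search(cmdline)
        if not call:
            continue                      # wmic, but not the Remote Desktop toggle
        switches = {k.lower(): v for k, v in SWITCH.findall(cmdline)}
        findings.append({
            "source": host,
            # Without /NODE the call acts on the machine it ran on.
            "target": switches.get("node", host),
            "user": switches.get("user"),
            "action": "enable" if int(call.group(1)) != 0 else "disable",
        })
    return findings


if __name__ == "__main__":
    for finding in find_rdp_toggles(SAMPLE_EVENTS):
        print(finding)
```

A finding with action `enable` against a target that is not expected to accept Remote Desktop connections is the case worth triaging first.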