Full Disclosure mailing list archives
Re: XP Remote Desktop Remote Activation
From: Fixer <fixer907 () gmail com>
Date: Sat, 2 Oct 2004 14:17:58 -0500
That I can't say as I actually developed this several months ago and just now released it because of SP2, which makes it a bit harder to pull this off. You're absolutely right that when you remotely access the machine that it locks out the user. The upside (or maybe downside) is that a lot of home users still leave their machines on all night so that's not a big deal, just use NET TIME to check the local time and run RD when they aren't likely to be on. Worst case is that you'll get booted when they reset the machine :-(

Fixer

On Sat, 2 Oct 2004 12:56:24 -0500, RandallM <randallm () fidmail com> wrote:
Would access to command shell be accomplished via the recent ZoneID hole if such Administration password access is not available? Or perhaps even with the launching of the MS04-028 exploit? Of course any Terminal usage on home pc's are noticed because users are locked out. Now terminal servers are a different story but user intervention is still needed.

thank you
Randall M

<|>--__--__--
<|>
<|>Message: 3
<|>Date: Fri, 1 Oct 2004 23:50:45 -0500
<|>From: Fixer <fixer907 () gmail com>
<|>Reply-To: Fixer <fixer907 () gmail com>
<|>To: full-disclosure () lists netsys com
<|>Subject: [Full-disclosure] XP Remote Desktop Remote Activation
<|>
<|>------=_Part_505_31077403.1096692645033
<|>Content-Type: text/plain; charset=US-ASCII
<|>Content-Transfer-Encoding: 7bit
<|>Content-Disposition: inline
<|>
<|>XP Remote Desktop Remote Activation
<|>
<|>
<|>Information
<|>____________________________________________________________________
<|>Windows XP Professional provides a service called Remote Desktop,
<|>which allows a user to remotely control the desktop as if he or she
<|>were in front of the system locally (ala VNC, pcAnywhere, etc.).
<|>
<|>By default, Remote Desktop is shipped with this service
<|>turned off and
<|>only the Administrator is allowed access to this service. It is
<|>possible, however, to modify a series of registry keys that may allow
<|>a malicious user who has already gained a command shell to activate
<|>Remote Desktop and add a user they have created for
<|>themselves as well
<|>as to hide that user so that it will not show up as a user in the
<|>Remote Desktop user list. The instructions for this are attached.
<|>Additionally, I have listed a sample .reg file of the type that is
<|>discussed in the instructions below.
<|>_____________________________________________________________________
<|>
<SNIP>
<|>--__--__--
<|>
<|>Message: 6
<|>From: "Dominick Baier" <seclists () leastprivilege com>
<|>To: "'Fixer'" <fixer907 () gmail com>,
<|><full-disclosure () lists netsys com>
<|>Subject: RE: [Full-disclosure] XP Remote Desktop Remote Activation
<|>Date: Sat, 2 Oct 2004 17:43:11 +0200
<|>
<|>if you have an administrator password for the machine you
<|>can just use WMIC
<|>to turn remote desktop on.
<|>
<|>wmic /NODE:Server /USER:administrator RDTOGGLE WHERE
<|>ServerName="Server"
<|>CALL SetAllowTSConnections 1
<|>
<|>End of Full-Disclosure Digest
<|>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
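Added example, not part of the thread or written by its participants: a detection sketch that scans process-creation command lines for the two ways of switching Remote Desktop on that the thread discusses, the quoted WMIC `RDTOGGLE ... SetAllowTSConnections 1` call and a registry write. Assumptions: the event tuples, host names, user names and rule names are constructed for illustration, and `fDenyTSConnections` is the documented Terminal Server registry value that controls this setting (the thread itself does not name the keys).

```python
"""Flag process command lines that switch Remote Desktop on."""
import re

# Constructed sample events (host, user, command line); not taken from the thread.
SAMPLE_EVENTS = [
    ("WS-014", "alice", 'wmic /NODE:Server /USER:administrator RDTOGGLE WHERE '
                        'ServerName="Server" CALL SetAllowTSConnections 1'),
    ("WS-014", "alice", 'WMIC.exe rdtoggle where servername="WS-014" '
                        'call setallowtsconnections 0'),
    ("WS-022", "SYSTEM", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" '
                         r'/v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("WS-022", "bob", r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" '
                      r'/v fDenyTSConnections'),
    ("WS-031", "dave", r"net time \\fileserver"),
]

# Hypothetical rule names. Only the *enabling* direction is flagged:
# SetAllowTSConnections 1, or fDenyTSConnections written as 0.
RULES = [
    ("wmic-rdtoggle-enable", re.compile(
        r"\bwmic(\.exe)?\b.*\brdtoggle\b.*\bsetallowtsconnections\s+\(?\s*1\b", re.I)),
    ("reg-fdenytsconnections-0", re.compile(
        r"\breg(\.exe)?\s+add\b.*\bfdenytsconnections\b.*/d\s+(0x)?0+\b", re.I)),
]


def normalize(cmdline):
    """Drop quoting and collapse whitespace so spacing and quotes do not matter."""
    unquoted = cmdline.replace('"', "").replace("'", "")
    return re.sub(r"\s+", " ", unquoted).strip()


def detect(events):
    """Return (host, user, rule) for every event that enables Remote Desktop."""
    hits = []
    for host, user, cmdline in events:
        text = normalize(cmdline)
        for name, pattern in RULES:
            if pattern.search(text):
                hits.append((host, user, name))
    return hits


if __name__ == "__main__":
    for host, user, rule in detect(SAMPLE_EVENTS):
        print(f"{host}\t{user}\t{rule}")
```

Command-line matching only sees changes made through these two tools, so pair it with registry auditing on the Terminal Server key and with review of Remote Desktop Users group membership.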
Current thread:
- XP Remote Desktop Remote Activation Fixer (Oct 02)
- Re: XP Remote Desktop Remote Activation morning_wood (Oct 02)
- Re: XP Remote Desktop Remote Activation Joel R. Helgeson (Oct 02)
- RE: XP Remote Desktop Remote Activation Dominick Baier (Oct 02)
- Re: XP Remote Desktop Remote Activation Fixer (Oct 02)
- RE: XP Remote Desktop Remote Activation Larry Seltzer (Oct 02)
- Re: XP Remote Desktop Remote Activation H D Moore (Oct 03)
- Re: XP Remote Desktop Remote Activation Fixer (Oct 03)
- <Possible follow-ups>
- RE:XP Remote Desktop Remote Activation RandallM (Oct 02)
- Re: XP Remote Desktop Remote Activation Fixer (Oct 02)
- Re: XP Remote Desktop Remote Activation morning_wood (Oct 02)