RE: Windows Independant GUI

["Isaac Van Name" <ivanname () southerlandsleep com>]

Yes, I have seen the link provided, and a million others like it... the
concurrent desktop "hack" for Windows XP does work to get multiple sessions
by using a older, less secure version of the dll file.  However, without
physical access, it could be a safe bet that you would damage the system
instead of succeeding with the process; after all, every one of those sites
recommends re-booting the computer in safe mode to change the dll (while it
isn't already loaded).

Also, if the computer you're trying to do the concurrent sessions on is part
of a domain, that process will not work.  Word to the hopeful.

Of course, that being said, I agree with the CLI comment.  I'm a firm
believer in strong DOS and scripting and, if you think something can't be
done with those two things, then you just haven't tried hard enough or
learned enough.

Isaac Van Name

-----Original Message-----
From: Beauford, Jason [mailto:jbeauford () EightInOnePet com] 
Sent: Tuesday, September 05, 2006 3:40 PM
To: Isaac Van Name; Marios A. Spinthiras
Cc: pen-test () securityfocus com
Subject: RE: Windows Independant GUI

Isaac Van Name wrote:
> For the record, Remote Desktop Connection only spawns another
> "virtual desktop" on a system running Terminal Services (Server 2003
> and, I believe, Server 2000).  Windows XP runs Terminal Services Lite
> and, as such, Remote Desktop Connection used on a Windows XP box will
> kick off the user currently logged in.  WinConnect XP Server is an
> option to get multiple RDP sessions, and I'm sure others know of
> better ways (or, at least, I hope so), as WinConnect is not cheap.   
>
> Isaac Van Name
>
> -----Original Message-----
> From: Marios A. Spinthiras [mailto:mario () netway com cy]
> Sent: Tuesday, September 05, 2006 5:02 AM
> To: pen-test () securityfocus com
> Subject: Re: Windows Independant GUI
>
> Remote Desktop Connection spawns another "virutal desktop" under the
> account credentials you specify. This is unlike VNC which simply
> connects to the active display of the user currently logged on. If
> VNC is running as a system service it still means that you will be
> connecting to the Administrator account. If the station is locked
> (ALT CTRL DEL) then you will be looking at the same screen that the
> user looks at when he looks at the monitor of the workstation.
> Disregarding that simply for aesthetic purposes , what you need is a
> RDP like connection.        
>
> Regards,
> Mario A. Spinthiras
>
> One2 () onetwo com wrote:
> > Hey All,
> >
> > After compromising Windows workstations I am able to gain a remote
> > GUI via
> either Terminal Services, VNC, GetScreen, etc.
> > However, this remote access gives me access to the user's GUI, which
> limits me to using the GUI when they seem to have left for lunch. ;o)
> > Does anyone know of any way that I can gain an independant GUI so
> > that I
> can use and install GUI software to continue the attack, without
> having to worry about whether the user is using their GUI? 
> > All ideas are welcome.

My opinion is that the more programs you install, the more likely you
are to be detected.  CLI equivalents should be used instead of trying to
use GUI interfaces.

That aside, this hack may help you.  I've never tried myself so I cannot
report on it.  Just putting it out there for you to try.

http://sig9.com/articles/concurrent-remote-desktop


Kind Regards,

JMB



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------