Thread: Remote Desktop

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    5

    Remote Desktop

    I've read in a few of the How To's that you need remote desktop access for a few of the guides, for example, the write your own buffer overflow scripts. So in a real pen testing environment, do you manage to get past the remote desktop access part (GUI) or is it easy to gain that sort of access?

    I would appreciate some documentation and programs that can be useful to me.

    NOTE: This is not a "Gief meh program that hacks system wit a button click plx kty!!11"
    Serious answers please.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Re: Remote Desktop

    Every system has a different way to compromise it. That is half the fun in pentesting. If you are trying to gain password/bruteforce access to a system with services already enabled, you go after the weakest one, be it telnet, ssh, rdesktop or whatever.

    If you are writing an exploit you use whatever shellcode you are the most comfortable with. In my case I love the meterpreter .dll and can do pretty much anything I need with it, including turning on rdesktop if I need it.

  3. #3

    Re: Remote Desktop

    Not sure what you are exactly looking for, but my assumption is you are looking for ways/tools to get privileged/non-privileged access to your victim(s).

    There are several phases you should FULLY understand to create your attack vector, finishing with your final phase and exploiting your victim:

    1. discover - in-depth enumeration of running network services of your victim (basic attack vectors) (depends if you are looking the hard way for server-side attacks or client-side based attacks). This phase can include fuzzing techniques or using the usual vulnerability scanners. Tools in BT4: cd /pentest/scanners && /pentest/fuzzers

    2. exploit - start the lazy way: look for existing xploits (Offensive Security Training presents - The Exploit Database) and do some changes & testing. Or go the hard way and do protocol/service fuzzing & write your own/manipulated xploits (blind injection until you get success, or, if you have the chance to get the target service binary, do classic reverse engineering)

    3. access - maintain reliable victim access through different types/levels of access; this can be using meterpreter on Windows-based victims and all its wonderful enhancements (incl. starting remote desktop service - create user - disable firewall - use remote desktop session) and of course several dozen other techniques, like creating connect-back tunnels, traffic redirection/mirroring, keyboard loggers etc.


    So I highly recommend starting with basics and not at the 'end' - maintaining victim access - to fully understand the impact & different phases of attacking clients during an (authorized ;-) Pentest.

    Start with MSF unleashed (Metasploit Unleashed - Mastering the Framework)

    Read fundamental books on these topics:
    - Hacking: The Art of Exploitation (general & beginner stuff)
    - The Mac Hacker's Handbook (to seriously understand our Mac OS X friends)
    ..and thousands of other references

    /brtw2003
    Last edited by brtw2003; 02-16-2010 at 09:51 PM.
