Remote Desktop

[blarch3030]

I've read if a few of the How To's that you need remote desktop access on a few of the guides, for example, the write your own buffer overflow scripts. So in a real pen testing enviroment, do you manage to get past the remote desktop access part (gui) or is it easy to gain that sort of access?

I could appriciate a few documentations and programs that can be useful to me.

NOTE: This is not a "Gief meh program that hacks system wit a button click plx kty!!11"
Serious answers please.

[purehate]

Every system has a different way to compromise it. That is half the fun in pentesting. If you are trying to gain password/bruteforce access to a system with services already enabled you go after the weakest one be it telnet,ssh,rdesktop or whatever.

If you are writing a exploit you use whatever shellcode you are the most comfortable with. In my case I love the meterpreter .dll and can do pretty much any thing I need with it including turning on rdesktop if I need it.

[brtw2003]

not sure what your are exactly looking for, but my assumption you are looking of ways/tools to get priviliged/non-privileged access to your victim(s).

There are several phases you should FULLY understand to create your attack vector and finishing with your finale phase and exploiting your victim:

1.discover - in-depth enumeratation of running network services of your victim (basic attack vectors) (depends if you are looking the hard way for server-side attacks or client-side based attacks) This phase can include fuzzing techniques or using the usual vulnerability scanners. Tools in BT4: cd /pentest/scanners && /pentest/fuzzers

2.exploit - start the lazy way: look for existing xploits (Offensive Security Training presents - The Exploit Database) and do some changes & testing. Going the hard way and do protocol/service fuzzing & write your own/manipulated xploits (blind injection until you get success or if you have the chance to get the target service binary and do classic reverse engineering)

3.access - maintain a reliable victim access through different types/level of access, this can be using meterpreter on windows-based victims and all his wonderfull enhancements (incl. starting remote desktop service-create user-disable firewall-use remote desktop session) and of course several dozen of other techniques, like creating connect-back tunnels, traffic redirection/mirroring,keyboard loggers etc


So I highly recommend starting with basics and not at the 'end' - maintaining victim access - to fully understand the impact & different phases of attacking clients during an (authorized ;-) Pentest.

Start with MSF unleashed Metasploit Unleashed - Mastering the Framework

Read fundemental books on this topics:
-Hacking the Art of Exploitation (general & beginner stuff)
-The Mac Hackers Handbook (to serious understand our MAC-OS X friends)
..and thousands of other references

/brtw2003