RE:[Full-Disclosure] XP Remote Desktop Remote Activation
- To: <full-disclosure@xxxxxxxxxxxxxxxx>, "'Fixer'" <fixer907@xxxxxxxxx>
- Subject: RE:[Full-Disclosure] XP Remote Desktop Remote Activation
- From: "RandallM" <randallm@xxxxxxxxxxx>
- Date: Sat, 2 Oct 2004 12:56:24 -0500
Would access to command shell be accomplished via the recent ZoneID hole if
such Administration password access is not available? Or perhaps even with
the launching of the MS04-028 exploit? Of course any Terminal usage on home
PCs is noticed because users are locked out. Now terminal servers are a
different story but user intervention is still needed.
thank you
Randall M
<|>--__--__--
<|>
<|>Message: 3
<|>Date: Fri, 1 Oct 2004 23:50:45 -0500
<|>From: Fixer <fixer907@xxxxxxxxx>
<|>Reply-To: Fixer <fixer907@xxxxxxxxx>
<|>To: full-disclosure@xxxxxxxxxxxxxxxx
<|>Subject: [Full-Disclosure] XP Remote Desktop Remote Activation
<|>
<|>XP Remote Desktop Remote Activation
<|>
<|>
<|>Information
<|>____________________________________________________________________
<|>Windows XP Professional provides a service called Remote Desktop,
<|>which allows a user to remotely control the desktop as if he or she
<|>were in front of the system locally (ala VNC, pcAnywhere, etc.).
<|>
<|>By default, Remote Desktop is shipped with this service turned off and
<|>only the Administrator is allowed access to this service. It is
<|>possible, however, to modify a series of registry keys that may allow
<|>a malicious user who has already gained a command shell to activate
<|>Remote Desktop and add a user they have created for themselves as well
<|>as to hide that user so that it will not show up as a user in the
<|>Remote Desktop user list. The instructions for this are attached.
<|>Additionally, I have listed a sample .reg file of the type that is
<|>discussed in the instructions below.
<|>_____________________________________________________________________
<|>
<SNIP>
<|>--__--__--
<|>
<|>Message: 6
<|>From: "Dominick Baier" <seclists@xxxxxxxxxxxxxxxxxx>
<|>To: "'Fixer'" <fixer907@xxxxxxxxx>,
<|><full-disclosure@xxxxxxxxxxxxxxxx>
<|>Subject: RE: [Full-Disclosure] XP Remote Desktop Remote Activation
<|>Date: Sat, 2 Oct 2004 17:43:11 +0200
<|>
<|>If you have an administrator password for the machine you can just use
<|>WMIC to turn remote desktop on.
<|>
<|>wmic /NODE:Server /USER:administrator RDTOGGLE WHERE ServerName="Server" CALL SetAllowTSConnections 1
<|>
<|>End of Full-Disclosure Digest
<|>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
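
A detection sketch for the WMIC approach quoted in Message 6, added here as an example and not written by any of the posters: it scans process-creation command lines for an RDTOGGLE SetAllowTSConnections call and reports whether it enabled or disabled Remote Desktop and against which node. The event tuples, function names and sample hosts are constructed assumptions.

```python
import re

# Constructed process-creation records (host, account, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", "alice", 'wmic /NODE:Server /USER:administrator RDTOGGLE WHERE '
                      'ServerName="Server" CALL SetAllowTSConnections 1'),
    ("WS02", "bob", 'WMIC.exe /node:"FS02" rdtoggle where servername="FS02" '
                    'call setallowtsconnections 0'),
    ("WS03", "carol", "wmic os get caption"),
    ("WS04", "dave", "C:\\Windows\\System32\\wbem\\wmic.exe rdtoggle call SetAllowTSConnections 1"),
]

# WMIC switches, aliases and method names are case-insensitive.
CALL_RE = re.compile(r"\brdtoggle\b.*?\bcall\s+setallowtsconnections\W*(\d+)", re.I)
NODE_RE = re.compile(r'/node:\s*"?([^"\s]+)', re.I)
USER_RE = re.compile(r'/user:\s*"?([^"\s]+)', re.I)

def _image_name(cmdline):
    """Lower-cased file name of the executable at the start of a command line."""
    cmd = cmdline.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        token = cmd[1:end] if end > 0 else cmd[1:]
    else:
        token = cmd.split(None, 1)[0] if cmd else ""
    return re.split(r"[\\/]", token)[-1].lower()

def classify(cmdline):
    """Return details of an RDTOGGLE SetAllowTSConnections call, else None."""
    if _image_name(cmdline) not in ("wmic", "wmic.exe"):
        return None
    call = CALL_RE.search(cmdline)
    if not call:
        return None
    node, user = NODE_RE.search(cmdline), USER_RE.search(cmdline)
    return {
        "action": "enable" if int(call.group(1)) != 0 else "disable",
        "node": node.group(1) if node else None,       # None: local machine
        "as_user": user.group(1) if user else None,    # None: caller's own token
    }

def scan(events):
    """Attach host and account context to every matching command line."""
    return [{"host": h, "account": a, **f}
            for h, a, cmd in events if (f := classify(cmd))]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

An "enable" finding whose node differs from the originating host, or that comes from an account that does not normally administer that node, is the case worth triaging first.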