Detailed Remote Desktop intrusion combat

To put it simply, Terminal Services is an application technology that Windows provides to allow users to perform remotely on a Windows Terminal Server, as shown in the figure.

Operations such as adding files from a remote administrator can be displayed directly on the Terminal server, and other actions will not be visible on the terminal server. For example, a client user creates a new text file in the Remote Desktop window on the remote computer's desktop, and the text file is immediately displayed on the Terminal Server's desktop. However, any program that calls the terminal Server on the client, including programs on the desktop, is not displayed in real time on the Terminal server. This provides a reasonable desktop allocation for multiple users to operate a terminal server at the same time.

But from a security point of view, Terminal Services brings a lot of convenience, but also gives us a security risk--malicious users can be violent guessing the end user password to easily enter the terminal system, so as to achieve full control of the Terminal server.

The "terminal" unification is called "Remote Desktop" in the Windows XP system and later versions, as shown in the figure.

Here's how to implement Remote Desktop intrusion, taking Windows XP as an example.

Step 1: Before the invasion, let's take a port scan of the Windows XP computer so that you can see the effects of the actions that are performed in this lesson. You can see in the scan results that this computer does not have 3389 ports open.

Step 2: Then, use the Trojan program in Windows XP to add

Plus super account. After the account was created successfully, we cannot see the newly created account in the Computer Management window.

Step 3: We can only see in the Command Prompt window that 123 This account has been created successfully, as shown in the figure.

Step 4: At this point, you can use the Netuse command to connect to the Windows XP computer in the Command Prompt window.

Step 5: Next, you can map the C disk in the remote Windows XP computer to the native by using the commands shown in the illustration.

Step 6: In the My Computer window, double-click the C disk in the remote Windows XP computer to copy the open 3389 applet downloaded from "http://hshy9.ys168.com".

Step 7: At this point, you can use the "NettimeW192.168.1.233" command to get the time of the remote computer, as shown in the figure.

Step 8: Next, use the command Uat192.168.1.823:40c:opents.exe "set the replicated open 3389 program.

Run as shown in the figure.

Step 9: After waiting for the specified time, you can use the scanning software to scan the Windows XP computer for ports.

Step 10: At this point, if you use the "Netstat-an" command to view the port in the Command Prompt window of the Ghost XP SP3 system computer, you can see that 3389 ports are already open, as shown in the figure.

In the My Computer Properties window, you can see in the Remote tab interface that the Allow users to connect remotely to this computer item is automatically selected, as shown in the figure.

Step 11: At this point, you can log on to the Windows XP computer under the graphical interface using the hidden accounts that you create and the open 3389 features. However, because Windows XP only allows one computer to log on at the same time, you also need to copy the tools downloaded from "http://hshy9.ys168.com" to allow Windows XP to support 2 user logins to the mapped C disk partition and run it using the AT command. As shown in the figure.

Step 12: After you wait for the program to run, after the Windows XP computer suddenly restarts, you can log on remotely using the Remote Desktop feature, as shown in the figure.

After you have completed the logon operation, you can perform a desktop environment operation on the remote computer in the window.