Break through remote desktop restrictions

Source: Internet
Author: User

0x00 Cause

When connecting to the remote desktop, the server prompts the following:

 

You are not allowed to access this Terminal Server. Please contact your administrator for more information. Secured by securerdp.

A closer look shows this is not a Remote Desktop Users group problem; the restriction comes from a piece of software called securerdp.

Securerdp is a server logon management tool. It is meant to stop unauthorized users from trying to crack passwords, and it can filter by IP address, MAC address and computer name. Its functions include:

1. Connection restrictions: allow connections based on logon time, IP address, host name, MAC address, client version and other information

So the restriction is on the connecting client. The popular D-Shield and Safe Dog currently have the same kind of function.

 

 

0x01 Solution

Open and load the software in OllyDbg (OD).

Ignore the ASPack packer and just run the software. Set a breakpoint directly on the registry API RegOpenKeyExA, since that is where the saved configuration is read.

When the breakpoint is hit, the registry path is shown:

 

HKEY_LOCAL_MACHINE\SOFTWARE\terminalsoft\wtsfilter

 

 

Open the registry and check it.

Just delete the wtsfilter key directly.

 

 

Before deleting it, I had configured the tool to exclude my own IP address, and the system prompted that the connection was not allowed.

After the registry key is deleted, there are no restrictions.

 

 

The idea is quite clear: simply get rid of the registry key.

 

I first read the registry value from the shell, and it does exist.

Read the registry value:

 

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\terminalsoft\wtsfilter" /v tsdata

 

Back up and export the registry key:

 

cmd /c "regedit /e d:\freehost\jiqiren\WEB\editor\JS\WTS.reg "HKEY_LOCAL_MACHINE\SOFTWARE\terminalsoft\wtsfilter""

 

Delete the registry key:

 

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\terminalsoft\wtsfilter" /va /f

 

 

The connection to the target server now goes through.

 

 

The server had already been privilege-escalated. After logging on to it, I restored the registry key and checked the configuration: the restriction was on computer name.
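The weakness shown above is that the whole control lives under one registry key that any administrator-level shell can edit or delete. An administrator who relies on such a tool can at least make that tampering visible; the following PowerShell script is an added example, not code from the post or from securerdp. It assumes the key path from the post and a baseline file location of its own.

```powershell
# Added example (not from the post or securerdp): detect tampering with the
# securerdp key via an audit rule (SACL) and a baseline comparison of its values.
# $BaselineFile is an assumed location; run from an elevated PowerShell session.
$KeyPath      = 'HKLM:\SOFTWARE\terminalsoft\wtsfilter'
$BaselineFile = 'C:\ProgramData\wtsfilter-baseline.json'

function Get-WtsFilterState {
    # Hashtable of value name -> value as text, or $null if the key is gone
    if (-not (Test-Path $KeyPath)) { return $null }
    $state = @{}
    $item  = Get-ItemProperty -Path $KeyPath
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PSPath, PSParentPath...
        $state[$p.Name] = (@($p.Value) -join ',') # REG_BINARY becomes "1,2,3"
    }
    return $state
}

function Save-WtsFilterBaseline {
    $state = Get-WtsFilterState
    if ($null -eq $state) { throw "Key $KeyPath not found" }
    $state | ConvertTo-Json | Set-Content -Path $BaselineFile
}

function Test-WtsFilterIntegrity {
    # Reports a deleted key, removed values (what 'reg delete /va' leaves) or edits
    $base = Get-Content -Path $BaselineFile -Raw | ConvertFrom-Json
    $now  = Get-WtsFilterState
    if ($null -eq $now) { return @("ALERT: key $KeyPath has been deleted") }
    $findings = @()
    foreach ($p in $base.PSObject.Properties) {
        if (-not $now.ContainsKey($p.Name)) {
            $findings += "ALERT: value '$($p.Name)' removed"
        } elseif ($now[$p.Name] -ne $p.Value) {
            $findings += "ALERT: value '$($p.Name)' changed"
        }
    }
    return $findings
}

function Enable-WtsFilterAudit {
    # Write successful delete/modify/permission changes on the key to the
    # Security log (events 4657/4660/4663); 'Audit Object Access' must be on.
    $acl  = Get-Acl -Path $KeyPath -Audit
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule(
        'Everyone', 'Delete,SetValue,ChangePermissions,TakeOwnership',
        'ContainerInherit', 'None', 'Success')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}
```

Run Save-WtsFilterBaseline and Enable-WtsFilterAudit once after configuring the tool, then schedule Test-WtsFilterIntegrity; an empty result means the key still matches the baseline.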

 

 

0x02 Summary

1. I didn't notice the prompt at first and thought it was group policy or Remote Desktop Users group membership.

2. Killing the detected software's process directly is useless; how it enforces the restriction remains to be explored.

3. In fact, these small security tools are not really "secure" yet.
