RE: Windows Independant GUI

From: Beauford, Jason (jbeauford@EightInOnePet.com)
Date: Tue Sep 05 2006 - 16:40:23 EDT

• Next message: mohanuagle@yahoo.co.in: "Re: Core Impact Vs Manual Pen Test"
• Previous message: Butler, Theodore: "RE: assessing IIS 5.0"
• Maybe in reply to: One2@onetwo.com: "Windows Independant GUI"
• Next in thread: Marios A. Spinthiras: "Re: Windows Independant GUI"
• Reply: Marios A. Spinthiras: "Re: Windows Independant GUI"
• Reply: Isaac Van Name: "RE: Windows Independant GUI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Isaac Van Name wrote:
> For the record, Remote Desktop Connection only spawns another
> "virtual desktop" on a system running Terminal Services (Server 2003
> and, I believe, Server 2000). Windows XP runs Terminal Services Lite
> and, as such, Remote Desktop Connection used on a Windows XP box will
> kick off the user currently logged in. WinConnect XP Server is an
> option to get multiple RDP sessions, and I'm sure others know of
> better ways (or, at least, I hope so), as WinConnect is not cheap.
>
> Isaac Van Name
>
> -----Original Message-----
> From: Marios A. Spinthiras [mailto:mario@netway.com.cy]
> Sent: Tuesday, September 05, 2006 5:02 AM
> To: pen-test@securityfocus.com
> Subject: Re: Windows Independant GUI
>
> Remote Desktop Connection spawns another "virutal desktop" under the
> account credentials you specify. This is unlike VNC which simply
> connects to the active display of the user currently logged on. If
> VNC is running as a system service it still means that you will be
> connecting to the Administrator account. If the station is locked
> (ALT CTRL DEL) then you will be looking at the same screen that the
> user looks at when he looks at the monitor of the workstation.
> Disregarding that simply for aesthetic purposes , what you need is a
> RDP like connection.
>
> Regards,
> Mario A. Spinthiras
>
> One2@onetwo.com wrote:
>> Hey All,
>>
>> After compromising Windows workstations I am able to gain a remote
>> GUI via
> either Terminal Services, VNC, GetScreen, etc.
>>
>> However, this remote access gives me access to the user's GUI, which
> limits me to using the GUI when they seem to have left for lunch. ;o)
>>
>> Does anyone know of any way that I can gain an independant GUI so
>> that I
> can use and install GUI software to continue the attack, without
> having to worry about whether the user is using their GUI?
>>
>> All ideas are welcome.

My opinion is that the more programs you install, the more likely you
are to be detected. CLI equivalents should be used instead of trying to
use GUI interfaces.

That aside, this hack may help you. I've never tried myself so I cannot
report on it. Just putting it out there for you to try.

http://sig9.com/articles/concurrent-remote-desktop

Kind Regards,

JMB

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

• Next message: mohanuagle@yahoo.co.in: "Re: Core Impact Vs Manual Pen Test"
• Previous message: Butler, Theodore: "RE: assessing IIS 5.0"
• Maybe in reply to: One2@onetwo.com: "Windows Independant GUI"
• Next in thread: Marios A. Spinthiras: "Re: Windows Independant GUI"
• Reply: Marios A. Spinthiras: "Re: Windows Independant GUI"
• Reply: Isaac Van Name: "RE: Windows Independant GUI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:54 EDT