mailing list archives
RE:XP Remote Desktop Remote Activation
From: "RandallM" <randallm () fidmail com>
Date: Sat, 2 Oct 2004 12:56:24 -0500
Would access to command shell be accomplished via the recent ZoneID hole if
such Administration password access is not available? Or perhaps even with
Of the MS04-028 exploit? Of course any Terminal usage on home pc's are
noticed because users
are locked out. Now terminal servers are a differnet story but user
intervention is still needed.
<|>Date: Fri, 1 Oct 2004 23:50:45 -0500
<|>From: Fixer <fixer907 () gmail com>
<|>Reply-To: Fixer <fixer907 () gmail com>
<|>To: full-disclosure () lists netsys com
<|>Subject: [Full-disclosure] XP Remote Desktop Remote Activation
<|>Content-Type: text/plain; charset=US-ASCII
<|>XP Remote Desktop Remote Activation
<|>Windows XP Professional provides a service called Remote Desktop,
<|>which allows a user to remotely control the desktop as if he or she
<|>were in front of the system locally (ala VNC, pcAnywhere, etc.).
<|>By default, Remote Desktop is shipped with this service
<|>turned off and
<|>only the Administrator is allowed access to this service. It is
<|>possible, however, to modify a series of registry keys that may allow
<|>a malicious user who has already gained a command shell to activate
<|>Remote Desktop and add a user they have created for
<|>themselves as well
<|>as to hide that user so that it will not show up as a user in the
<|>Remote Desktop user list. The instructions for this are attached.
<|>Additionally, I have listed a sample .reg file of the type that is
<|>discussed in the instructions below.
<|>From: "Dominick Baier" <seclists () leastprivilege com>
<|>To: "'Fixer'" <fixer907 () gmail com>,
<|><full-disclosure () lists netsys com>
<|>Subject: RE: [Full-disclosure] XP Remote Desktop Remote Activation
<|>Date: Sat, 2 Oct 2004 17:43:11 +0200
<|>if you have an administrator password for the machine you
<|>can just use WMIC
<|>to turn remote desktop on.
<|>wmic /NODE:Server /USER:administrator RDTOGGLE WHERE
<|>CALL SetAllowTSConnections 1
<|>End of Full-Disclosure Digest
Full-Disclosure - We believe in it.