Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Windows Independant GUI
From: "Isaac Van Name" <ivanname () southerlandsleep com>
Date: Wed, 6 Sep 2006 07:51:58 -0500

Yes, I have seen the link provided, and a million others like it... the
concurrent desktop "hack" for Windows XP does work to get multiple sessions
by using a older, less secure version of the dll file.  However, without
physical access, it could be a safe bet that you would damage the system
instead of succeeding with the process; after all, every one of those sites
recommends re-booting the computer in safe mode to change the dll (while it
isn't already loaded).

Also, if the computer you're trying to do the concurrent sessions on is part
of a domain, that process will not work.  Word to the hopeful.

Of course, that being said, I agree with the CLI comment.  I'm a firm
believer in strong DOS and scripting and, if you think something can't be
done with those two things, then you just haven't tried hard enough or
learned enough.

Isaac Van Name

-----Original Message-----
From: Beauford, Jason [mailto:jbeauford () EightInOnePet com] 
Sent: Tuesday, September 05, 2006 3:40 PM
To: Isaac Van Name; Marios A. Spinthiras
Cc: pen-test () securityfocus com
Subject: RE: Windows Independant GUI

Isaac Van Name wrote:
For the record, Remote Desktop Connection only spawns another
"virtual desktop" on a system running Terminal Services (Server 2003
and, I believe, Server 2000).  Windows XP runs Terminal Services Lite
and, as such, Remote Desktop Connection used on a Windows XP box will
kick off the user currently logged in.  WinConnect XP Server is an
option to get multiple RDP sessions, and I'm sure others know of
better ways (or, at least, I hope so), as WinConnect is not cheap.   

Isaac Van Name

-----Original Message-----
From: Marios A. Spinthiras [mailto:mario () netway com cy]
Sent: Tuesday, September 05, 2006 5:02 AM
To: pen-test () securityfocus com
Subject: Re: Windows Independant GUI

Remote Desktop Connection spawns another "virutal desktop" under the
account credentials you specify. This is unlike VNC which simply
connects to the active display of the user currently logged on. If
VNC is running as a system service it still means that you will be
connecting to the Administrator account. If the station is locked
(ALT CTRL DEL) then you will be looking at the same screen that the
user looks at when he looks at the monitor of the workstation.
Disregarding that simply for aesthetic purposes , what you need is a
RDP like connection.        

Mario A. Spinthiras

One2 () onetwo com wrote:
Hey All,

After compromising Windows workstations I am able to gain a remote
GUI via
either Terminal Services, VNC, GetScreen, etc.

However, this remote access gives me access to the user's GUI, which
limits me to using the GUI when they seem to have left for lunch. ;o)

Does anyone know of any way that I can gain an independant GUI so
that I
can use and install GUI software to continue the attack, without
having to worry about whether the user is using their GUI? 

All ideas are welcome.

My opinion is that the more programs you install, the more likely you
are to be detected.  CLI equivalents should be used instead of trying to
use GUI interfaces.

That aside, this hack may help you.  I've never tried myself so I cannot
report on it.  Just putting it out there for you to try.


Kind Regards,


This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]