Re: Windows Independant GUI

Goodmorning,

You are right upon the terminal services but with regards to the user 
being "kicked off" this is meer configuration. There are actual RDP 
lisences that you can purchase from windows. Many people in a corporate 
environment do so. In a single "poor man's" setup with RDP the event you 
referred to will occur. Yet again a "poor man's" setup is VNC in most 
cases :P Personally I dont use windows that much and definately not RDP! 
VNC has done fine for the passing years and I dont see why it wouldnt 
for the upcoming years.

Many Thanks,
Mario A. Spinthiras



Beauford, Jason wrote:
> Isaac Van Name wrote:
>   
> > For the record, Remote Desktop Connection only spawns another
> > "virtual desktop" on a system running Terminal Services (Server 2003
> > and, I believe, Server 2000).  Windows XP runs Terminal Services Lite
> > and, as such, Remote Desktop Connection used on a Windows XP box will
> > kick off the user currently logged in.  WinConnect XP Server is an
> > option to get multiple RDP sessions, and I'm sure others know of
> > better ways (or, at least, I hope so), as WinConnect is not cheap.   
> >
> > Isaac Van Name
> >
> > -----Original Message-----
> > From: Marios A. Spinthiras [mailto:mario@netway.com.cy]
> > Sent: Tuesday, September 05, 2006 5:02 AM
> > To: pen-test@securityfocus.com
> > Subject: Re: Windows Independant GUI
> >
> > Remote Desktop Connection spawns another "virutal desktop" under the
> > account credentials you specify. This is unlike VNC which simply
> > connects to the active display of the user currently logged on. If
> > VNC is running as a system service it still means that you will be
> > connecting to the Administrator account. If the station is locked
> > (ALT CTRL DEL) then you will be looking at the same screen that the
> > user looks at when he looks at the monitor of the workstation.
> > Disregarding that simply for aesthetic purposes , what you need is a
> > RDP like connection.        
> >
> > Regards,
> > Mario A. Spinthiras
> >
> > One2@onetwo.com wrote:
> >     
> > > Hey All,
> > >
> > > After compromising Windows workstations I am able to gain a remote
> > > GUI via
> > >       
> > either Terminal Services, VNC, GetScreen, etc.
> >     
> > > However, this remote access gives me access to the user's GUI, which
> > >       
> > limits me to using the GUI when they seem to have left for lunch. ;o)
> >     
> > > Does anyone know of any way that I can gain an independant GUI so
> > > that I
> > >       
> > can use and install GUI software to continue the attack, without
> > having to worry about whether the user is using their GUI? 
> >     
> > > All ideas are welcome.
> > >       
>
> My opinion is that the more programs you install, the more likely you
> are to be detected.  CLI equivalents should be used instead of trying to
> use GUI interfaces.
>
> That aside, this hack may help you.  I've never tried myself so I cannot
> report on it.  Just putting it out there for you to try.
>
> http://sig9.com/articles/concurrent-remote-desktop
>
>
> Kind Regards,
>
> JMB
>
>
>   

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------