Remote Desktop With Windows

[NegativeSpace]

Thanks for the help. Still haven't had the chance to go to an outside network and try it out. How can I create a secondary network here for testing?

[digip]

By the way, Home editions of windows can't be RDP hosts, but they can be Remote Help Session enabled, in other words, you can send an invite for someone to do a Remote Help Session, which is basically the same thing as RDP, only you don't get locked out of the screen and can see everything your helper is doing as well as take control of the session. If you want full autonomous control in home edition, you need a 3rd party RDP setup. Windows Professional allows full RDP logins, while server editions have full on terminal services, that you won't even know someone is logged on remotely to the server without checking logged on users. THe server version lets someone else work in the background while you still have access to the machine and aren't locked out of the session. Basically for multiple admins to do work on a domain at the same time if needed.

In windows Home editions, right click my computer and check enable "Allow Remote Assistance" under remote settings. Then go to start menu, and help(under XP) or the search/find bar in windows 7 and type in "windows remote assistance" and then click "Invite Someone". You can then save it to a file (can also be put on a thumb drive) or send as an email attachment directly. The client end user who receives it opens it and starts the session and then you have to click at the host end to accept and allow it. This is Microsoft's way of safeguarding home users from remote desktop attacks via things like TSgrinder or just normal brute forcing. If someone knew your windows logon, like a friend or family member, this also prevents them from RDP'ing into the machine without going through the remote assistance setup.

[NegativeSpace]

By the way, Home editions of windows can't be RDP hosts, but they can be Remote Help Session enabled, in other words, you can send an invite for someone to do a Remote Help Session, which is basically the same thing as RDP, only you don't get locked out of the screen and can see everything your helper is doing as well as take control of the session. If you want full autonomous control in home edition, you need a 3rd party RDP setup. Windows Professional allows full RDP logins, while server editions have full on terminal services, that you won't even know someone is logged on remotely to the server without checking logged on users. THe server version lets someone else work in the background while you still have access to the machine and aren't locked out of the session. Basically for multiple admins to do work on a domain at the same time if needed.

In windows Home editions, right click my computer and check enable "Allow Remote Assistance" under remote settings. Then go to start menu, and help(under XP) or the search/find bar in windows 7 and type in "windows remote assistance" and then click "Invite Someone". You can then save it to a file (can also be put on a thumb drive) or send as an email attachment directly. The client end user who receives it opens it and starts the session and then you have to click at the host end to accept and allow it. This is Microsoft's way of safeguarding home users from remote desktop attacks via things like TSgrinder or just normal brute forcing. If someone knew your windows logon, like a friend or family member, this also prevents them from RDP'ing into the machine without going through the remote assistance setup.

I came across remote assistance on one of my WIN7 machines. I haven't looked at it yet, but it sounds potentially useful and good to learn. I am going to try that after I have tested my outside network RDP skills. Does anyone know what the other 'remote' feature of WIN7 is? The one that asks for a domain or URL in order to add remote resources ("icons"...."links" etc)?

[digip]

Joining a domain is generally done for corporate networks and usually done to allow you access to shared resources on the network. It also is so you can apply group policy to workstations joining the domain and a whole bunch of other security things you can do to lock down the workstation. Not generally something you would use at home uneless testing or developing a domain type network, such as pen testing, or rolling out updates like in a lab for testing before going live on the production side.

[NegativeSpace]

Joining a domain is generally done for corporate networks and usually done to allow you access to shared resources on the network. It also is so you can apply group policy to workstations joining the domain and a whole bunch of other security things you can do to lock down the workstation. Not generally something you would use at home uneless testing or developing a domain type network, such as pen testing, or rolling out updates like in a lab for testing before going live on the production side.

That actually connects a lot of dots for me. I'll probably end up trying to create a domain, though I'm not totally clear on what a domain consists of, it sounds like a cool way to administer a network for an obsessive person such as myself.

[digip]

That actually connects a lot of dots for me. I'll probably end up trying to create a domain, though I'm not totally clear on what a domain consists of, it sounds like a cool way to administer a network for an obsessive person such as myself.

You'll want to download a free copy of Windows Server(I think they give you 180 days to test) and then set it up in a VM. Then have a bunch of XP, Vista, or Windows 7 VMs to join the domain created by the server. This will entail setting up Active Directory and DNS on the server to act as the main domain controller. Its a good place to start learning more about windows networks in general, especially if you ever decide to go that route for IT, education and certification, would help with getting a job as an Administrator in a windows environment.

[hexophrenic]

Late to the thread, but if you look hard enough there are "hacks" to get Win 7 home editions to allow RDP service and even allow more than 1 user per machine and more than 1 session per user. Google should be your friend.

[Infiltrator]

Late to the thread, but if you look hard enough there are "hacks" to get Win 7 home editions to allow RDP service and even allow more than 1 user per machine and more than 1 session per user. Google should be your friend.

Found the article you are referring to

http://fawzi.wordpress.com/2008/02/09/enabling-multiple-remote-desktop-sessions-in-windows-xp/

[hexophrenic]

That is similar and works with XP, but there is also a version for Windows 7 out there: http://thegreenbutton.com/forums/p/79427/393664.aspx#393664

[NegativeSpace]

Found the article you are referring to

http://fawzi.wordpress.com/2008/02/09/enabling-multiple-remote-desktop-sessions-in-windows-xp/

I have a version of XP that is enabled to be an RDP host, though it doesn't allow multiple simultaneous RDP clients. Is there a particular advantage to allowing this to happen? I mean, I can't think of any reason that I would need to allow multiple RDP sessions. Maybe in the future, when I have a good understanding of using Windows RDP, I could allow friends to use my computer as a sort of file server for sharing my music/pictures/whatever. I think by that point I will be exploring open operating systems, which is something that I am pretty interested in. I plan on using an old outdated machine as the hardware for multiple alternative OS installations so that I will have a platform for learning the ins and outs of 'web hosting' the right way (not sure if that's the correct term). I don't see any reason why I would need a Linux OS for daily computing, like web browsing for example, but I am already finding that Windows is not a great platform for networking.

On that note, are there any suggestions for OS's to try (for later consideration)? I really like the idea of having all those cool capabilities that Darren is always demonstrating in HAK5 episodes. I guess the specific OS that stands out in my mind as being very useful for networking and 'hacking' purposes is Backtrack. Man, if I had owned a computer and had access to these things as a kid I would have never left the house. Now I want to make up for lack of opportunity from when I was a kid.

Edited February 8, 2011 by NegativeSpace

[NegativeSpace]

That is similar and works with XP, but there is also a version for Windows 7 out there: http://thegreenbutton.com/forums/p/79427/393664.aspx#393664

The WIN7 Home Premium machine that I have is portable, and I don't keep any files or resources on it that I would need to access remotely, and there's the fact that it's usually inside of a case inside of a backpack. I would actually like to be able to use that machine as an RDP host just because I think I should be able to if I want. I don't know why MS thinks anyone will spend over a hundred dollars to upgrade their OS just so they can use a feature that can be replaced by something that is free and more secure. Maybe in the future, when the computer becomes less and less useful as a portable platform, I will want to use it for remote hosting. Until then, there is just no way I would spend all that money to upgrade to a professional version of Windows, so maybe this article will turn out to be useful.

Can anyone tell me how this technique works? I mean, is it a custom file patch or what?

[hexophrenic]

The benefit to me in the past was not having to wait, if my wife had been logged in, for her to confirm it is okay to continue and bump her offline or just wait until it times out when she did not log off. Allowing multiple RDP sessions was not used, but having an rdp session concurrent with a logged in console session was very useful.

[NegativeSpace]

The benefit to me in the past was not having to wait, if my wife had been logged in, for her to confirm it is okay to continue and bump her offline or just wait until it times out when she did not log off. Allowing multiple RDP sessions was not used, but having an rdp session concurrent with a logged in console session was very useful.

Ohhhh OK. I missed that part. I see how that could be useful for a shared machine, but the XP machine that I use most, and is the RDP host in question, is only used by me. I like the idea of having to approve that my local machine be allowed to serve an RDP connection. I didn't know that was the case , though. When I tested RDP locally, I was stil logged onto my user account on the XP RDP host, and I didn't have to approve or do anything on the host machine, Windows simply logged me off when I connected to it from another computer. Is that how it works with the standard built in RDP host software by default? If I did that update/patch, would it then mean that I would have to log out of Windows before I left the house in order to be able to connect to it from remote location?

[hexophrenic]

It does not appear if you are logging in via RDP as the same user that is logged into the console. The patch would allow you to be logged into the console has userX, remain logged in and working, and then log in as userY and not interfere with userX's session. Additionally, you could be logged in to the console as userX and then RDP as userX but into a new session rather than continuing the console session. I am not sure if this "patch" allows the /console flag to be set in the mstsc or not. I do not normally enable the multiple sessions as same user functionality.

[Infiltrator]

The WIN7 Home Premium machine that I have is portable, and I don't keep any files or resources on it that I would need to access remotely, and there's the fact that it's usually inside of a case inside of a backpack. I would actually like to be able to use that machine as an RDP host just because I think I should be able to if I want. I don't know why MS thinks anyone will spend over a hundred dollars to upgrade their OS just so they can use a feature that can be replaced by something that is free and more secure. Maybe in the future, when the computer becomes less and less useful as a portable platform, I will want to use it for remote hosting. Until then, there is just no way I would spend all that money to upgrade to a professional version of Windows, so maybe this article will turn out to be useful.

Can anyone tell me how this technique works? I mean, is it a custom file patch or what?

The only benefit is that you can have multiple remote sessions happening at the same time. So even if there is someone already at the computer, you won't be needing to disconnect their session to remote into the computer, you can still remote into the computer and do whatever you want without disturbing them.

That's the benefit of having multiple sessions opened at once, a bit like Terminal services or Citrix desktop.

[NegativeSpace]

So last night I went to an outside network and initiated an RDP session. The connection was made, but I was unable to see the remote desktop, the local machines RDP window was just black. Anyone know what went wrong?

[digip]

It probably removed the wallpaper and icons per bandwith settings. Did you at least get a taskbar? if no taskbar was available, then something else might be amiss, but if your start menu was there and no backround, this is just a setting that can be changed under the MSTSC client under options.

[NegativeSpace]

It probably removed the wallpaper and icons per bandwith settings. Did you at least get a taskbar? if no taskbar was available, then something else might be amiss, but if your start menu was there and no backround, this is just a setting that can be changed under the MSTSC client under options.

I used the settings save file that I had created earlier that included instructions for showing desktop wallpaper, but with most of the other fancy settings turned off. I didn't even get the task bar, no buttons, nothing from the remote desktop, just a black screen. I tried again from my local network when I got home and it worked as expected. Oh, i should mention that the RDP session never got to the point of splash screen and entering user credentials. Don't know what that means though.

[Infiltrator]

Try turning off Bitmap caching, under the MSTSC option, that usually can cause this sort of issues.

[digip]

Try turning off Bitmap caching, under the MSTSC option, that usually can cause this sort of issues.

Either that, or the connection was too slow to connect properly. I've had issues on TeamViewer, where its so slow, the screen is a bunch of lines. Turned out to be a faulty router and modem at the other end. Once I had them reset the modem, connection picked up and was fine. RDP works best, when the speed is above dial up bursts ;) If the network is severely slow, issues will follow. The other thought is that the session failed in some manner. I know you have to have port 3389 forwarded for RDP, but I remember there having to be a second port open and reachable as well for return session info, kind of like how ftp requires both port 21 and port 20 in order to work, as it can't work with just port 21 alone. This could be the problem you ran into.

Q. What port does Remote Desktop use? Does everything go over port 3389?

A.

Port 3389 is the only port you need to open. Windows will attempt to stream sound through User Datagram Protocol (UDP) first. If no port is available for UDP, sound will stream through a virtual channel in Remote Desktop Protocol, which uses port 3389.

- http://www.microsoft.com/windowsxp/using/mobility/rdfaq.mspx

Microsoft says you only need 3389 open, but I recall something from class where that isn't 100% true, since there are default network ports MSFT uses for communications, such as ports 135-139, 445 and 500.

See here for other ports MSFT uses: http://technet.microsoft.com/en-us/library/bb632618.aspx

If I'm not mistaken, ports 135-139 play a role in RDP as well for session data, but also would make your box insecure if accessible remotely since RPC can be abused and commands used in different reconnaissance tools to enumerate info about the machine remotely, such as NMAP, Metasploit, etc. These ports are generally blocked when behind NAT on a router or using good firewall configuration when directly connected to the modem. You can test this by hooking the machine in question directly to the internet through the modem without the use of the router, but I would only do this for a short time to test if it works. If it still doesn't, then something else is at play.

[NegativeSpace]

I know you have to have port 3389 forwarded for RDP, but I remember there having to be a second port open and reachable as well for return session info.. This could be the problem you ran into.

- http://www.microsoft.com/windowsxp/using/mobility/rdfaq.mspx

Microsoft says you only need 3389 open, but I recall something from class where that isn't 100% true, since there are default network ports MSFT uses for communications, such as ports 135-139, 445 and 500.

See here for other ports MSFT uses: http://technet.microsoft.com/en-us/library/bb632618.aspx

If I'm not mistaken, ports 135-139 play a role in RDP as well for session data, but also would make your box insecure if accessible remotely since RPC can be abused and commands used in different reconnaissance tools to enumerate info about the machine remotely, such as NMAP, Metasploit, etc. These ports are generally blocked when behind NAT on a router or using good firewall configuration when directly connected to the modem. You can test this by hooking the machine in question directly to the internet through the modem without the use of the router, but I would only do this for a short time to test if it works. If it still doesn't, then something else is at play.

It really seems like at least some level of connection was made so the theory that I need to open more ports seems to hold up in my opinion. I'm going to try opening some other ports as per Microsoft documents and then just use neighbors wifi to test. I have FTTU Fiber to the User internet, so I don't have a modem in here, my internet comes down a CAT-V from the enumerator outside, and the host machine in question is in another room, kinda a pain in the ass to move it, and I don't have a wired data network in the house. I thought about trying to use the machine that is wired to the router as the host in order to perform your test, but it will not serve as an RDP host because of it's OS version.

I was just outside looking at the FTTU enumerator, and when i opened it up I noticed that it has a DE-9 VGA port on it. There are also lights for various functions like data, POST, and a few other including one that says VGA which, I assume, is the graphics connection established indicator light. I'm not familiar enough with fiber optics and wide area networks in general to know if there is anything cool i could do with all of those connections and plugs and lights. If i had seen something like that 15 years ago I would probably have ruined it beyond repair trying to figure out how it works.

[hexophrenic]

You don't need anything but 3389. I would definitely not open 135-139 and/or 445 from the internet, unless you tell us what your public IP is so we can help "troubleshoot."

[555]

I tried out RDP, but found Team Viewer to be a better method in a lot of cases.. it depends what you are trying to do. I think you need XP pro to use RDP on both systems, and they can still see the mouse moving around and stuff. Team Viewer does the same thing, if you want invisable viewing of a remote PC look into a good RAT or "Remote admin tool"