combatwombat27 Posted September 17, 2011 (edited)

My brother and I like to mess with each other's computers (nothing harmful).

OK, so here is what I want to be able to do:

1. Remotely access the command line with no trace (any popup or messages or notifications on the desktop) (I don't mind logs or something like that). I would like to set up something like SSH in Linux, really. It would be cool to have a batch file that created a user and then allowed a command line connection to it. I could deploy it on my brother's computer to get him back :P I have heard of people using psexec, but I really don't know how to set it up on the host computer.
2. Not necessary, but an added bonus: to be able to view the screen w/out annoying popups saying I'm connected etc.

Here is why:

1. I think my younger brother is using it while I am gone and I want to mess w/ him (sibling rivalry).
2. In case someone steals it.

Yes, it is my computer; yes, I need to be able to do it via the internet, not just the network. I don't HAVE to have #2 but it would be nice. Any other ideas would be nice.

Oh, just in case this helps, it's a Windows box. Thanks.

Edited September 17, 2011 by combatwombat27

Fasckira Posted September 18, 2011

> My brother and I like to mess with each other's computers (nothing harmful). OK, so here is what I want to be able to do:
> 1. Remotely access the command line with no trace (any popup or messages or notifications on the desktop) (I don't mind logs or something like that). I would like to set up something like SSH in Linux, really. It would be cool to have a batch file that created a user and then allowed a command line connection to it. I could deploy it on my brother's computer to get him back :P I have heard of people using psexec, but I really don't know how to set it up on the host computer.
> 2. Not necessary, but an added bonus: to be able to view the screen w/out annoying popups saying I'm connected etc.
> Here is why: 1. I think my younger brother is using it while I am gone and I want to mess w/ him (sibling rivalry). 2. In case someone steals it.
> Yes, it is my computer; yes, I need to be able to do it via the internet, not just the network. I don't HAVE to have #2 but it would be nice. Any other ideas would be nice. Oh, just in case this helps, it's a Windows box. Thanks.

If it's really your computer then there's no need to have a script to create the user, is there? Just create it before you go. If you're concerned he's using it while you're gone then just tie it down to one user with a password. Not so sure about this though, because you start off saying you mess with each other's PCs but then by the end of the post you're implying that it's your PC. Hmm. :P

PsExec is probably your best option; what part are you having trouble with in setting it up?

Also, I don't think FreeVNC notifies the target computer when a connection is made, but it's been a while since I used that. I think LogMeIn has the option to disable notification viewing prompts after installation but again, not sure.

Also, if you're accessing it across the internet you'll need to make sure you can see the VNC port (if that's the route you go down) externally, and make sure you either know the IP (if it's static) or set up one of those dyndns-free addresses if it's not.

PsExec: http://technet.microsoft.com/en-us/sysinternals/bb897553
RealVNC: http://www.realvnc.com/index.html
DynDNS-Free: http://dyn.com/dns/dyndns-free/

Infiltrator Posted September 18, 2011

> PsExec is probably your best option; what part are you having trouble with in setting it up?
> Also, I don't think FreeVNC notifies the target computer when a connection is made, but it's been a while since I used that. I think LogMeIn has the option to disable notification viewing prompts after installation but again, not sure.
> Also, if you're accessing it across the internet you'll need to make sure you can see the VNC port (if that's the route you go down) externally, and make sure you either know the IP (if it's static) or set up one of those dyndns-free addresses if it's not.
> PsExec: http://technet.microsoft.com/en-us/sysinternals/bb897553
> RealVNC: http://www.realvnc.com/index.html
> DynDNS-Free: http://dyn.com/dns/dyndns-free/

If you know the administrator password of your brother's computer, then PsExec would definitely be something you want to try. On the other hand, since I haven't used FreeVNC or LogMeIn, I don't know how effective they are in terms of controlling a PC remotely (does it require the end user to accept your session, or does it automatically log you in and give you full control?).

I've used Dameware in the past and it's really scary: it doesn't require any end user interaction, you get full control of the PC in a matter of seconds.

Now when using PsExec there is no need for installation, it's all command line based. You can download it from this URL: http://technet.microsoft.com/en-us/sysinternals/bb897553. The URL also contains some sample commands that will be useful when learning.

If you need any assistance just hit me up.

Fasckira Posted September 18, 2011

Problem with DameWare and LogMeIn out of the box is that when you connect to a target machine it gives a prompt telling the user generally something like "<computername> is monitoring this session".

Fasckira Posted September 18, 2011

Oh, and LogMeIn/VNC/Dameware doesn't require end-user approval either, but does require initial access to the machine to install the applications (though I think you can remote install on Dameware if you have admin rights?)

joeypesci Posted September 18, 2011

We used to have the "Break in Wars" at work. When bored, we'd try and break into each other's machine, but the rule was you weren't allowed to do anything in AD, as that was too easy and ruined the fun.

My colleague managed to get onto mine and changed a local group policy so no one but the local admin could shut down the machine. All users could only log off :)

Infiltrator Posted September 21, 2011

> Oh, and LogMeIn/VNC/Dameware doesn't require end-user approval either, but does require initial access to the machine to install the applications (though I think you can remote install on Dameware if you have admin rights?)

Interesting.....

I normally fly out to remote communities to fix up government computers and networks and, if memory serves me well, the last time I went on a site I was experiencing some issues with an application holding its server settings, so I phoned this guy and he remotely connected to this PC I was having issues with, and in a matter of seconds he took complete control over this PC, through Dameware.

Now what really freaked me out was that no message popped up on the screen requesting my approval. So I'm guessing it can also be configured not to request the end user to approve the connection.

combatwombat27 (Author) Posted September 22, 2011 (edited)

> If it's really your computer then there's no need to have a script to create the user, is there? Just create it before you go. If you're concerned he's using it while you're gone then just tie it down to one user with a password. Not so sure about this though, because you start off saying you mess with each other's PCs but then by the end of the post you're implying that it's your PC. Hmm. :P

Yes, the script was for messing with my brother. And I have got that set up. I have a batch file created to set up a user, grant them admin rights and then edit the registry so they don't show up at login.

> If you know the administrator password of your brother's computer, then PsExec would definitely be something you want to try. On the other hand, since I haven't used FreeVNC or LogMeIn, I don't know how effective they are in terms of controlling a PC remotely (does it require the end user to accept your session, or does it automatically log you in and give you full control?).
> I've used Dameware in the past and it's really scary: it doesn't require any end user interaction, you get full control of the PC in a matter of seconds.
> Now when using PsExec there is no need for installation, it's all command line based. You can download it from this URL: http://technet.microsoft.com/en-us/sysinternals/bb897553. The URL also contains some sample commands that will be useful when learning.
> If you need any assistance just hit me up.

I am looking into Dameware, but my issue is the cost @ $289.00 to prank with my brother. Now yes, there is a trial, but that is only 30 days of fun. P.S. I love Command and Conquer also.

For my situation I also cannot have the "This session is monitored..." or "%computername% is connected..." because that will ruin the stealthy stealthness.

I could probably work with something that wouldn't let me use the mouse and keyboard but just view the screen. But I would prefer both.

I will check into all the suggestions!

Edited September 22, 2011 by combatwombat27

Infiltrator Posted September 22, 2011

> Yes, the script was for messing with my brother. And I have got that set up. I have a batch file created to set up a user, grant them admin rights and then edit the registry so they don't show up at login.
> I am looking into Dameware, but my issue is the cost @ $289.00 to prank with my brother. Now yes, there is a trial, but that is only 30 days of fun. P.S. I love Command and Conquer also.
> For my situation I also cannot have the "This session is monitored..." or "%computername% is connected..." because that will ruin the stealthy stealthness.
> I could probably work with something that wouldn't let me use the mouse and keyboard but just view the screen. But I would prefer both.
> I will check into all the suggestions!

I know with VNC you can remotely install it and stealthily watch the PC. Check out the Hak5 wiki, there is a nice tutorial on how to do that.

combatwombat27 (Author) Posted September 22, 2011

> I know with VNC you can remotely install it and stealthily watch the PC. Check out the Hak5 wiki, there is a nice tutorial on how to do that.

I see the link for the remote install: http://wiki.hak5.org/index.php?title=Remotely_Install_VNC

Where is the "stealthily watch the PC" part? I just don't want to be watching over him and him notice the mouse move. He will be looking for stuff like that and it would kill it :/

Infiltrator Posted September 22, 2011

> I see the link for the remote install: http://wiki.hak5.org/index.php?title=Remotely_Install_VNC
> Where is the "stealthily watch the PC" part? I just don't want to be watching over him and him notice the mouse move. He will be looking for stuff like that and it would kill it :/

See this article for more details: http://www.makeuseof.com/tag/how-to-spy-on-your-spouse-with-your-computer/

PajtimiO Posted November 14, 2011

@combatwombat27

I'm using RemoteDesktopSpy bit.ly/rmtpajtim

Search on the net for a cr4cked version.

If you know how to configure it right it's invisible and you have live view of screen, screenshots, keylogs etc. :)

Sorry for my English, I'm from Kosovo :)

bobbyb1980 Posted November 15, 2011

If you have physical access to the machine, just use metasploit to get a meterpreter session and key log it from there.

We should probably avoid mentioning keyloggers by name here to keep away undesired elements from the forums.

Infiltrator Posted November 16, 2011

> We should probably avoid mentioning keyloggers by name here to keep away undesired elements from the forums.

How about cracking WPA keys or passwords, should we also avoid mentioning them? Because it has been mentioned several times in the past.

bobbyb1980 Posted November 16, 2011

Cracking WPA requires somewhat of a technical knowledge to do so. All these keyloggers readily available for download require 0 technical background, they are point and click, and of all the things we do/discuss here they are definitely the most malicious. Metasploit is the answer to all the OP's questions anyways.

I'm no mod either, but I personally think it's better if Google services this crowd and not hak5. But hey, go ahead, post their names with download links and see what kind of crowd it attracts. I hope you like answering questions like "BUT I HIT INSTALL AND IT TELLZ ME I NEED ADMIN PRIVS WUT DO I DO LOL !1!!!"

flood Posted November 17, 2011

I would use TightVNC. In the Windows registry you can modify certain keys to prevent it from prompting for a password or showing an icon in the system tray. It's been years since I've done it but the location is the typical HKLM\softare\tightvnc\ ... the keys.. and changing values from 0 to 1 or the other way around.

combatwombat27 (Author) Posted November 17, 2011

It is my box, so I have physical access to the machine and have admin privileges; that is not the issue. Being such, using metasploit to hack in and get a shell seems a bit arse backwards, making more work on me. Unless you're suggesting add a bugged program or some other means to know for sure that I can exploit the system, and even then... doesn't sound quite appealing.

I'm quite aware that given the right circumstance I could get in via an exploit with metasploit but that's not really the way I want to go. I'm going to look into a couple of the suggestions here.

bobbyb1980 Posted November 17, 2011

Metasploit is probably the easiest way: set up a java applet attack on the LAN and voilà. Then once you have a meterpreter session you install the keylogger from a hidden installer (almost all the mainstream ones offer hidden installers). Then you use meterpreter keyscan as a backup keylogger in case the antivirus catches the other one, run persistence and metsvc to maintain access, and you pwned the PC without ever having to touch it. Then delete your tracks. Much easier/cleaner/reliable/stealthy than simply installing a keylogger.

In my experience, when you ask a question in hak5, 9 times out of 10 metasploit will be the answer.

combatwombat27 (Author) Posted November 18, 2011

> Metasploit is probably the easiest way: set up a java applet attack on the LAN and voilà. Then once you have a meterpreter session you install the keylogger from a hidden installer (almost all the mainstream ones offer hidden installers). Then you use meterpreter keyscan as a backup keylogger in case the antivirus catches the other one, run persistence and metsvc to maintain access, and you pwned the PC without ever having to touch it. Then delete your tracks. Much easier/cleaner/reliable/stealthy than simply installing a keylogger.
> In my experience, when you ask a question in hak5, 9 times out of 10 metasploit will be the answer.

Again, Metasploit when I already have physical access? I mean, metasploit is designed to exploit and get me in.. but .. I am in....

Also, I'm not really looking for a keylogger. That just happened to be someone's suggestion.. the other suggestions I will be looking into the next couple of days. I'm down to persistent cmd prompt access.

digip Posted November 18, 2011

I think Fasckira's 3 links and suggestion would be the way to go. If you have physical access to the machine, you can create a new user and add the registry bit or group policy to not show it on the main login screen, so it can be a hidden user with administrator privileges. Either that, or just dump the hash and get your brother's password and authenticate as him via psexec, or just set up RDP and log in remotely via the GUI.

Only problem with RDP is it will lock their screen when you use it and they will see this if they are at the computer, since desktop machines only allow one signed-on session at a time, vs Server 2003/2008 which allow multiple Terminal Server logins at once. There are 3rd party client/server programs that can do Terminal Services, or using something like VNC as an alternative, and can be started as a service on boot with no icon to show up in the systray, but you have to set that up at the machine yourself ahead of time, or use Metasploit to remotely inject a VNC session.

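The changes discussed in this thread (a new local account added to Administrators, a PsExec or VNC service, an RDP logon) each leave Windows event-log records that the owner of a machine can review. The following Python script is an added example, not part of any post above, that triages such records. The event records, their simplified field names and the service-name hints are constructed assumptions; the event IDs (4720, 4732, 7045, and 4624 with logon type 10) are the standard Windows ones.

```python
import json

# Constructed sample events (simplified field names, not a real export format).
SAMPLE = """
{"time": "2011-09-22T18:01:10", "id": 4720, "target": "helper"}
{"time": "2011-09-22T18:01:12", "id": 4732, "group": "Administrators", "member": "helper"}
{"time": "2011-09-22T18:05:40", "id": 7045, "service": "PSEXESVC"}
{"time": "2011-09-22T18:20:03", "id": 7045, "service": "Printer Helper"}
{"time": "2011-09-22T19:02:51", "id": 7045, "service": "TightVNC Server"}
{"time": "2011-09-23T02:14:07", "id": 4624, "logon_type": 10, "user": "helper", "source_ip": "203.0.113.7"}
{"time": "2011-09-23T08:00:00", "id": 4624, "logon_type": 2, "user": "Owner", "source_ip": "-"}
"""

# Assumption: substrings that mark a remote-access service on this host.
REMOTE_SERVICE_HINTS = ("psexesvc", "vnc", "dameware", "logmein")


def triage(text):
    """Return (time, rule, detail) findings for remote-access setup and use."""
    findings, created = [], set()
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        eid = ev.get("id")
        if eid == 4720:  # a user account was created
            created.add(ev["target"].lower())
            findings.append((ev["time"], "account_created", ev["target"]))
        elif eid == 4732 and ev.get("group", "").lower() == "administrators":
            # Member added to a local group; more suspicious if the account is new.
            is_new = ev["member"].lower() in created
            rule = "new_account_made_admin" if is_new else "admin_group_add"
            findings.append((ev["time"], rule, ev["member"]))
        elif eid == 7045:  # a service was installed
            name = ev.get("service", "")
            if any(hint in name.lower() for hint in REMOTE_SERVICE_HINTS):
                findings.append((ev["time"], "remote_access_service", name))
        elif eid == 4624 and ev.get("logon_type") == 10:  # RemoteInteractive (RDP)
            detail = f'{ev["user"]} from {ev["source_ip"]}'
            findings.append((ev["time"], "rdp_logon", detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

Events 4720, 4732 and 4624 come from the Security log and depend on the matching audit policy being enabled; 7045 is written to the System log by the Service Control Manager.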