Remote opening 3389 Terminal Services (Rookie) by Wawa 2002.01.13
Get a host's administrator privilege, but we disappointed discovery that this host did not install 3389 terminal service components, is it some desperate? Don't worry, let's explore the way to open 3389 remotely. First we should Understand 3389 Terminal Services, can be running under what system, personal understanding, terminal services can be run in most products of M $, such as WinNT4 / Win2000Server / Win2000ADV-Server / Win2000DS / XP, etc., but WinNT4 is required If you purchased, the 2000 professional version cannot remotely install the terminal service, at least I have not succeeded. In the following exploration, we are in Win2000 Server and Senior Server as an example. (Now use the most).
Now. Suppose we got a host administrator account and password. Host: 192.168.0.1 Account: Administrator Password: 77882000 System installation under C: / WinNT
From the above introduction, you can know that the 2000 Professional version cannot be remotely installed, then we must first determine whether the host is a professional or server version, we can enter the next link. We can use the other party to open account Judgment: C: /> Letmein //192.168.0.1 -all -dstating connection to server ... server local time is: 2002-1-13 10: 19: 22Start Get All Users Form Server ...----- --------------------- Total = 5 -------------------------- Num0 = administrator () Num1 = guest () Num2 = IUSR_SERVERNAME (Internet Guest Accident) Num3 = IWAM_SERVERNAME (Start IIS Process Account) Num4 = TSINTERNETUSER (TsinterNetuser) ----------------- --------- Total = 5 -------------------------- General situation NUM2 / 3/4 These three accounts It is 200RERVER default. The 2000 professional version is not open. We can also scan the other open port further confirmation: Use the scanning software such as: superscan3.exe scan the other party to determine whether the other party opens 25,3372 and other 2000Server The default open port. Of course, we can also use some tools, such as: cmdinfo.zip These 2 East East can get a list of local or remote NT / 2K hosts, system path, source disk path, PACK version, installation time and other series Information, a graphical interface, a command line. By return information, you can understand the opponent host situation.
There are some other methods to determine, such as: From the service opened by the other party, etc., from the above judgment accuracy is high, others will not explain.
If you find that the other host doesn't have that three accounts, the default port is not open, or the information of the information returned by cmdinfo is a 2000 professional version, you will give up the installation 3389 plan.
Now we have to enter the next link: Is there any installation in the end service? You may ask: Why do you want to judge? I have not discovered 3389 ports? Here you need to explain, if you install the terminal service component, there may be What kinds of cases can you scan 3389 ports? 1. Terminal Services Termservice is disabled in Administrative Tools >>> Services. 2. The RDP protocol required for Terminal Services Connection is in Administrative Tools >>> "Terminal Connection is disabled in Service Configuration. 3. Terminal Services Default Connection Port 3389 is changing. How to change, please see the modified terminal service default 3389 port (Photo) 4. The network adapter bound to the terminal service is not an external network .5. Problems such as firewall and port filtering. 6 ..... (I didn't expect) In fact, the most situation we encountered is the above five situations. Now it is now necessary to be installed. First Remote host connection, mapping Remote Host C Dish is a local Z disk net use z: //192.168.0.1/c (7788 "/ user:" administrator "command successfully completed. Then go to the Z: / Documents and Settings / All Users / "Start" Menu / Program / Administrative Tools> There is a shortcut file for Terminal Services Manager and Term Services, if there is installed The service components will have, but there is no (98% of people's deliberately deleted possibilities) We can further verify the commands of the commands that come with the terminal service after the next Telnet to the opponent's host. Judgment is complete, the other party seems to be installed Terminal service components, you can go to the next step: Telnet login the other party host, ready to install the service component. Here, I strongly recommend using the 2000 combo Telnet server to log in, there is an obvious, it is not easy to make mistakes. Personally feel it, once success The proportion is much higher. (Oh ~, personal understanding!) Even if there is no opening, turn off after the opening is used, it will be over ..abu. The fastest login Win2k Telnet service has introduced this method very detailed, and he The way (the same name, the same password account) is established, so that the quick implementation Telnet will be a reality. If we have opened the other party 23 port, Telnet 192.168.0.1 Enter the username / password * ========== ============================================================================================================================================================================================================= === Welcome to the Microsoft Telnet server.
* =========================================================================================================================================================================================== ============== C: /> // Successfully entered !!!! After entering, check if the terminal component is installed: C: /> Query User requires the installation of terminal services. So Further, the component is not installed. If returned: username sessionname id state idle 0 runs. 2002-1-12 22: 5 // Similar to this information, may be installed. Good! It's clear, you can start installing. ------------------------------------------------------------------------------------------------------ ---------- C: /> DIR C: /SYSOC.INF / S / / Check the location of the INF file C: / Winnt / INF directory 2000-01-10 20:00 3,770 sysoc.inf1 Document 3,770 bytes ---------------------------------------------------------------------------------------------------------------------- -------- C: /> DIR C: /SYSOCMGR.* / S // Check component installer C: / winnt / system32 directory 2000-01-10 20:00 42,768 sysocmgr.exe1 files 42,768 byte------------------------------------------------ ---- C: /> Echo [Components]> C: / WAWA C: /> Echo Tsenable = ON >> C: / WAWA // This is the establishment of unattended installation parameters C: /> Type C: / WAWA [Components] tsenable = ON // Check parameter file ------------------------------------- ---------------- C: /> sysocmgr /i:c:/winnt/inf/sysoc.inf / u: c: / wawa / q ------ ---------------------------------------------- this one is Really install the component's command. The above command does not add / R parameter, the host will automatically restart after installation. If the / R parameter is added The host will not restart. If everything is normal, the other host will be offline after a few minutes. When it returns, the 3389 terminal service is already open. You can go up. Question and suggestions: a during installation Do not use / r, sometimes the host will not restart, you will manually restart him, but when using the like: Iisreset / reboot command, the other party's screen will have a dialog box, write who causing this startup And how many seconds are randing. B can be tried again, and it is very funny in practice. C must not turn the command parameters when entering the sysocmgr command, will do a big conversation in the other party Box, is the help of sysocmgr, very conspicuous, and requires determination. Don't have any reactions on your screen, you won't know an error, so there will be a suggestion of B. Please ask more questions about 3389 Visit: http://3389.cnxhacker.net/ This is a 3389 technical column of "China X Hacker Team", welcome to discuss related technologies!