Sat 8 Jul 2006
There have been a few times when I needed to get to some files or run some jobs on a Windows (NT/2000/2003/XP) machine and had administrative access on the domain but no VNC/Remote Desktop enabled on the machine. These times would often result in me driving to the site to do some tinkering for a short period of time, followed by another drive back. After some time, I learned to use the built-in NT network services to my advantage. The first step in gaining access to a machine is to authenticate with it via the IPC$ share, which gives access to the further NT services below:
NET USE \\IPC$ /user:
Next, we can browse/modify files on the remote machine by doing:
COPY \\C$\some\file some\other\file
At this point, we can copy something like VNC onto the machine and then add a registry entry remotely (this can sometimes also be done with REGEDIT by connecting to the remote registry) using the REGINI command:
REGINI -m \\ip file_to_add.ini
Finally, we can reboot the machine with SHUTDOWN (the sloppy method) or use AT (and the Scheduler service) to schedule a service start:
SHUTDOWN -m \\ip /R /Y /T:0 /C
-or-
NETSVC \\ip schedule /start
AT \\ip ""
(NET TIME \\ip will tell you what the time on that machine currently is.)
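Every step above leaves a trace on the target: the IPC$/C$ connections, the scheduled task or service that starts VNC, and the restart. The script below is an added example (not part of the original post) that shows, from a defender's side, how those traces can be correlated. It uses standard Windows event IDs (5140 network share accessed, 4698 scheduled task created, 7045 service installed, 1074 restart initiated; the Security log ones exist on Vista/2008 and later). The event records are constructed inline as plain objects with simplified field names (Computer, IpAddress, SubjectUserName, ShareName, Detail) so the script runs offline; on a live host those fields have to be pulled from each event's XML, and the function and field names here are assumptions, not a Windows API.

```powershell
# Added example (not from the original post): flag an admin-share connection that is
# followed, on the same host within a short window, by a scheduled task, a new
# service or a restart. Field names are simplified assumptions for the constructed
# sample; real events expose them in their XML (see the usage note below).

function Find-RemoteAdminChain {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowMinutes = 30
    )
    # Share names as they appear in event 5140 for the administrative shares.
    $adminShares = '\\*\IPC$', '\\*\C$', '\\*\ADMIN$'
    $followOnIds = 4698, 7045, 1074

    # Step 1 of the chain: a remote address touching IPC$ / C$ / ADMIN$.
    $shareHits = $Events | Where-Object {
        $_.Id -eq 5140 -and ($adminShares -contains $_.ShareName)
    }

    # One "session" per (target host, source address); report the earliest hit.
    $results = foreach ($s in ($shareHits | Group-Object Computer, IpAddress)) {
        $first = $s.Group | Sort-Object TimeCreated | Select-Object -First 1
        $deadline = $first.TimeCreated.AddMinutes($WindowMinutes)

        # Steps 2-3 of the chain: task / service / restart on the same host afterwards.
        $followOn = $Events | Where-Object {
            $_.Computer -eq $first.Computer -and
            ($followOnIds -contains $_.Id) -and
            $_.TimeCreated -ge $first.TimeCreated -and
            $_.TimeCreated -le $deadline
        }

        if ($followOn) {
            [pscustomobject]@{
                Computer  = $first.Computer
                SourceIp  = $first.IpAddress
                User      = $first.SubjectUserName
                FirstSeen = $first.TimeCreated
                Shares    = ($s.Group.ShareName | Sort-Object -Unique) -join ', '
                FollowOn  = ($followOn | ForEach-Object { "$($_.Id):$($_.Detail)" }) -join '; '
            }
        }
    }
    return $results
}

# Constructed sample records (not real logs): one admin session that matches the
# chain, and one ordinary user touching a normal share that must not be flagged.
$base = Get-Date '2006-07-08 14:00:00'
$SampleEvents = @(
    [pscustomobject]@{ TimeCreated = $base;               Id = 5140; Computer = 'FILESRV01'; IpAddress = '10.0.5.23'; SubjectUserName = 'jdoe';   ShareName = '\\*\IPC$';    Detail = 'IPC$' }
    [pscustomobject]@{ TimeCreated = $base.AddMinutes(1); Id = 5140; Computer = 'FILESRV01'; IpAddress = '10.0.5.23'; SubjectUserName = 'jdoe';   ShareName = '\\*\C$';      Detail = 'C$' }
    [pscustomobject]@{ TimeCreated = $base.AddMinutes(4); Id = 4698; Computer = 'FILESRV01'; IpAddress = $null;       SubjectUserName = 'jdoe';   ShareName = $null;         Detail = 'At1' }
    [pscustomobject]@{ TimeCreated = $base.AddMinutes(6); Id = 7045; Computer = 'FILESRV01'; IpAddress = $null;       SubjectUserName = 'SYSTEM'; ShareName = $null;         Detail = 'winvnc' }
    [pscustomobject]@{ TimeCreated = $base.AddMinutes(7); Id = 1074; Computer = 'FILESRV01'; IpAddress = $null;       SubjectUserName = 'jdoe';   ShareName = $null;         Detail = 'restart' }
    [pscustomobject]@{ TimeCreated = $base.AddHours(3);   Id = 5140; Computer = 'FILESRV01'; IpAddress = '10.0.8.40'; SubjectUserName = 'asmith'; ShareName = '\\*\Public';  Detail = 'Public' }
)

# Expected: exactly one row, for 10.0.5.23, listing IPC$ and C$ and the three follow-on events.
Find-RemoteAdminChain -Events $SampleEvents | Format-List
```

On a real host the records come from Get-WinEvent (for example Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5140}), and event 5140 is only written when the "Audit File Share" subcategory of Object Access auditing is enabled, so the share-access step is invisible unless that policy is on. The same preconditions the post relies on are the knobs for hardening: the Remote Registry service can be stopped and disabled where REGINI/REGEDIT access is not wanted, administrative shares can be turned off with the AutoShareServer/AutoShareWks values under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, and AT itself was removed in Windows 8/Server 2012 in favour of SCHTASKS.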
There is the possibility for mischief here, but these tools also come in pretty handy when driving out to the machine is just too much of a pain in the ass.
July 24th, 2006 at 7:12 pm
[...] It looks like another company created a one-step GUI implementation of what I described in another post. I guess the easier the better? [...]