Remote Desktop Session Hijacking

Also available in: Polski Polski


I do not know how people get so excited … It is obvious that the SYSTEM can get into memory each process so why such WoW, that having the SYSTEM account, you can switch to a different logged-on user?

Can dlatemu, that you can have more privileges (e.g. Domain Admin). However, please note that:

  1. To use the method of switching on the SYSTEM you must be an administrator for the server on which this account is obtained.
  2. M $ and not only say that you should work with the lowest possible privileges so why anyone sane would sign such as the Enterprise permissions on these permissions are not the computer where the Admin’a needs and that can be compromised? Read: and quote: “Do not use service administrator accounts for day-to-day administrative tasks, such as account and member server management; Instead, use your regular user account. “” D[..]omain Admins credentials are required to perform the following steps: [..]”

But what what do you mean?

  1. We find the computer on which we have Admin and logged inadvertently Admin domain. We can help you with: query user
  2. change the permissions on the SYSTEM:
    PsExec-s \localhost cmd
  3. lists sessions (we remember our session and the session name of the victim), of course, better to the victim’s session has been inactive;-P
  4. Switching on the victim’s sessions:
    TSCON <numer naszej="" sesji="">/dest:<nazwa sesji="" ofiary=""> </nazwa> </numer>
  5. We look forward to;-)

And for those who prefer movies here’s a YouTube version: