Open-AudIT

Skip to content

Remote Desktop (Terminal Service) connection link.

Please post to the Open-AudIT forum for Feature Requests.
Topic locked

Remote Desktop (Terminal Service) connection link.

Postby A_Hull » Thu Jul 20, 2006 8:19 pm

UPDATED I have added code to connect to RDP (Terminal Services) on a box, and to show all Terminal Server Services running on the LAN.

Once you have made the changes in the next post, expand the RDP Servers Detected tab and click the link next to the remote desktop or terminal server you want to connect to. A file Open/Save dialog box should pop up, chose Open and you will connect to the Remote Desktop or Terminal Server (if its running and not firewalled obviously).

In IE you may need to save then open the link in, but in Firefox, just open it.

I have kept the code modular, so we can add remote control buttons from any page.

The same method would work with VNC as vnc can be controlled from a .vnc file, but I haven't had time to look into this.

You could also launch various other file types, including .vbs in this way, so start thinking how to apply this elsewhere. I can see this working well for the system actions.. what does anybody else think.:?:

How it works..

Clicking the link creates a {machine_name}.rdp file in the" launchpad" folder on the web server which is then pushed to the client to download. If we choose to open the file then the default application (which you can choose) will be used to open the file.

If you are running Windows XP you will need to have Remote Desktop installed on the workstation you are connecting from (but not necessarily running).

If unsure what to open the link with try.. %SystemRoot%\System32\mstsc.exe

This should also work from a Linux or Mac OSX browser so long as you have a suitable RDP viewer application to launch with the rdp file, and it can make sense of it.

See the following post for the code...

Let me know how you get on, I'm off for a week, so any bugs, either fix them or wait till I get back.

Hope it makes your lives easier. :?: Let me know your results...
Last edited by A_Hull on Fri Jul 21, 2006 10:14 pm, edited 11 times in total.
User avatar
A_Hull
Moderator
 
Posts: 2400
Joined: Tue Jan 25, 2005 3:09 am
Location: Scotland
Top

IT WORKS!

Postby A_Hull » Fri Jul 21, 2006 6:09 pm

Three code snippets follow.

In index.php add in a section after the VNC section as follows.



Code: Select all
//rdp

//// RDP Servers Detected
  echo "<div class=\"main_each\">\n";
  $count = 0;
  $bgcolor = "#FFFFFF";
  echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"content\">\n";
  echo "<tr>\n";
  echo " <td class=\"contenthead\" colspan=\"4\"><a href=\"javascript://\" onclick=\"switchUl('f11');\">Acitve RDP-Terminal Servers Detected.</a></td>\n";
  echo " <td align=\"right\"><a href=\"javascript://\" onclick=\"switchUl('f11');\"><img src=\"" . $but_all . "\" width=\"16\" height=\"16\" border=\"0\" /></a></td>\n";
  echo "</tr>\n";
  echo "</table>";
  echo "<div style=\"display:none;\" id=\"f11\">";
  echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"content\">\n";
  echo "<tr><td colspan=\"2\"><b><big><big>Service Detected</big></big></b></td></tr>";
  //echo "<tr><td colspan=\"2\"><b><big><big>Windows Service Detected and Started</big></big></b></td></tr>";
  echo "<tr>\n";
  echo "<td><b>IP Address</b></td>\n";
  echo "<td><b>Name</b></td>\n";
  echo "<td width=\"150\"><b>RDP Server Name</b></td>\n";
  echo "<td width=\"150\"><b>or IP Address</b></td>\n";
  echo "<td width=\"150\"><b>Service</b></td>\n";
  echo "<td width=\"150\"><b>Running</b></td>\n";
  echo "</tr>";
  $SQL = "SELECT service_uuid, MAX(service_timestamp) AS timestamp FROM service GROUP BY service_uuid";
  $result = mysql_query($SQL, $db);
  if ($myrow = mysql_fetch_array($result)){
    do {
      // Service Detected
      $sql2 = "SELECT service_uuid, service_display_name, service_started FROM service WHERE service_display_name LIKE '%Terminal Services%' AND service_started = 'True' AND service_timestamp = '" . $myrow["timestamp"] . "' AND service_uuid = '" . $myrow["service_uuid"] . "'";
      $result2 = mysql_query($sql2, $db);
      if ($myrow2 = mysql_fetch_array($result2)){
        do {
          if ($bgcolor == "#F1F1F1") {
            $bgcolor = "#FFFFFF"; }
          else { $bgcolor = "#F1F1F1"; }
          $SQL3 = "SELECT net_ip_address, system_name FROM system WHERE system_uuid = '" . $myrow2["service_uuid"] . "' AND system_timestamp = '" . $myrow["timestamp"] . "'";
          $result3 = mysql_query($SQL3, $db);
          $myrow3 = mysql_fetch_array($result3);
          $count = $count + 1;
          echo "<tr bgcolor=\"" . $bgcolor . "\">\n";
          echo "<td>" . ip_trans($myrow3["net_ip_address"]) . "&nbsp;</td>\n";
          echo "<td><a href=\"system_summary.php?pc=" . $myrow2["service_uuid"] . "&amp;sub=1\">" . $myrow3["system_name"] . "</a>&nbsp;&nbsp;&nbsp;</td>\n";
//  Added to allow us to link to the Terminal server on the selected machine (AJH)
          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= \"launch_rdp.php?launch=".$myrow3["system_name"].".rdp\"/>&nbsp;&nbsp;" . $myrow3["system_name"] . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";
          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= \"launch_rdp.php?launch=".long2ip(ip2long(ip_trans($myrow3["net_ip_address"]))).".rdp\"/>&nbsp;&nbsp;" . long2ip(ip2long(ip_trans($myrow3["net_ip_address"]))) . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";
   
//          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= rdp://".$myrow3["system_name"]." TARGET=\"_blank\"/>&nbsp;&nbsp;" . $myrow3["system_name"] . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";
//          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= rdp://".long2ip(ip2long(ip_trans($myrow3["net_ip_address"])))." TARGET=\"_blank\"/>&nbsp;&nbsp;" . long2ip(ip2long(ip_trans($myrow3["net_ip_address"]))) . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";
//
          echo "<td>" . $myrow2["service_display_name"] . "</td>\n";
          echo "<td>" . $myrow2["service_started"] . "</td>\n";
          echo "</tr>\n";
        } while ($myrow2 = mysql_fetch_array($result2));
      } else {}
    } while ($myrow = mysql_fetch_array($result));
    echo "<tr><td><br />&nbsp;</td></tr>\n";
  } else {}
  // Nmap discovered on Audited PC
  $SQL = "select sys.net_ip_address,sys.system_name,sys.system_uuid from system sys, nmap_other_ports port where port.nmap_port_number = '5900' AND port.nmap_other_id = sys.system_uuid";
  $result = mysql_query($SQL, $db);
  if ($myrow = mysql_fetch_array($result)){
    echo "<tr><td colspan=\"2\"><b><big><big>Nmap discovered on Audited PC</big></big></b></td></tr>";
    echo "<tr>\n";
    echo "<td width=\"150\"><b>IP Address</b></td>\n";
    echo "<td width=\"150\"><b>Name</b></td>\n";
    echo "<td width=\"150\"><b>RDP Server Name </b></td>\n";
    echo "<td width=\"150\"><b>or IP Address</b></td>\n";
    echo "</tr>\n";
    do {
      $count = $count + 1;
      if ($bgcolor == "#F1F1F1") {
        $bgcolor = "#FFFFFF"; }
      else { $bgcolor = "#F1F1F1"; }
   echo "<tr bgcolor=\"" . $bgcolor . "\">\n";
   echo "<td>" . ip_trans($myrow["net_ip_address"]) . "&nbsp;</td>\n";
   echo "<td><a href=\"system_summary.php?pc=" . $myrow["system_uuid"] . "&amp;sub=1\">" . $myrow["system_name"] . "</a>&nbsp;&nbsp;&nbsp;</td>\n";

//  Added to allow us to link to the Terminal server on the selected machine (AJH)
          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= \"launch_rdp.php?launch=".$myrow["system_name"].".rdp\"/>&nbsp;&nbsp;" . $myrow["system_name"] . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";
          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= \"launch_rdp.php?launch=".long2ip(ip2long(ip_trans($myrow["net_ip_address"]))).".rdp\"/>&nbsp;&nbsp;" . long2ip(ip2long(ip_trans($myrow["net_ip_address"]))) . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";

    echo "<td></td>\n";
   echo "</tr>\n";
    } while ($myrow = mysql_fetch_array($result));
    echo "<tr><td><br />&nbsp;</td></tr>\n";
  } else {}
  // Nmap discovered on Other equipment
  $SQL = "select oth.other_id, oth.other_ip, oth.other_name, oth.other_mac_address from other oth, nmap_other_ports port where port.nmap_port_number = '5900' AND port.nmap_other_id = oth.other_mac_address";
  $result = mysql_query($SQL, $db);
  if ($myrow = mysql_fetch_array($result)){
    if ($bgcolor == "#F1F1F1") {
      $bgcolor = "#FFFFFF"; }
    else { $bgcolor = "#F1F1F1"; }
    echo "<tr><td colspan=\"2\"><b><big><big>Nmap discovered on Other equipment</big></big></b></td></tr>\n";
    echo "<tr bgcolor=\"" . $bgcolor . "\">\n";
    echo "<td width=\"150\"><b>IP Address</b></td>\n";
    echo "<td width=\"150\"><b>Name</b></td>\n";
    echo "<td width=\"150\"><b>RDP Server Name </b></td>\n";
    echo "<td width=\"150\"><b>or IP Address</b></td>\n";
    echo "</tr>\n";
    do {
      $count = $count + 1;
      if ($bgcolor == "#F1F1F1") {
        $bgcolor = "#FFFFFF"; }
      else { $bgcolor = "#F1F1F1"; }
   echo "<tr bgcolor=\"" . $bgcolor . "\">\n";
   echo "<td>" . ip_trans($myrow["other_ip"]) . "&nbsp;</td>\n";
   echo "<td><a href=\"other_summary.php?other=" . $myrow["other_id"] . "&amp;sub=1\">" . $myrow["other_name"] . "</a>&nbsp;&nbsp;&nbsp;</td>\n";

//  Added to allow us to link to the Terminal server on the selected machine (AJH)
          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= \"launch_rdp.php?launch=".$myrow["other_name"].".rdp\"/>&nbsp;&nbsp;" . $myrow["other_name"] . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";
          echo "  <td align=\"left\" bgcolor=\"" . $bgcolor . "\"><a href= \"launch_rdp.php?launch=".long2ip(ip2long(ip_trans($myrow["other_ip"]))).".rdp\"/>&nbsp;&nbsp;" . long2ip(ip2long(ip_trans($myrow["other_ip"]))) . " <img src=\"" . $but_for . "\" width=\"16\" height=\"16\" border=\"0\" />&nbsp;&nbsp;</td>\n";

    echo "<td></td>\n";
   echo "</tr>\n";
    } while ($myrow = mysql_fetch_array($result));
    echo "<tr><td><br />&nbsp;</td></tr>\n";
  } else {}
  echo "</table>\n";
  echo "</div>\n";
  echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"content\">\n";
  echo "<tr><td colspan=\"3\"><b>RDP Servers: " . $count . "</b></td></tr>\n";
  echo "</table>\n";
  echo "</div>\n";
  // rdp


Now create a file called include_rdp_config.php in the same folder as index.php with the following code. Note you may need to adjust the screen size variables to suit your monitor.

Code: Select all
<?php
//This function creates a .rdp file for use with Terminal Servies Clients.
// The defaults make sense for most cases

function make_rdp ($file_location = '' , $machine_name = '')
{
// $file_location = './launchpad/';
$screen_mode = 'screen mode id:i:2';
$desktopwidth = 'desktopwidth:i:1024';
$desktopheight = 'desktopheight:i:768';
$session = 'session bpp:i:16';
$winposstr = 'winposstr:s:0,3,0,0,800,600';
$full_address = 'full address:s:';
$compression = 'compression:i:1';
$keyboardhook = 'keyboardhook:i:2';
$audiomode = 'audiomode:i:2';
$redirector = 'redirectdrives:i:0';
$redirectprinters = 'redirectprinters:i:1';
$redirectcomports = 'redirectcomports:i:0';
$redirectsmartcards = 'redirectsmartcards:i:1';
$displayconnectionbar = 'displayconnectionbar:i:1';
$autoreconnection = 'autoreconnection enabled:i:1';
$username = 'username:s:Administrator';
$domainname = 'domain:s:MYDOMAIN';
$alternate_shell = 'alternate shell:s:';
$shell_working_directory = 'shell working directory:s:';
$disable_wallpaper = 'disable wallpaper:i:1';
$disable_full_window_drag = 'disable full window drag:i:1';
$disable_menu_anims = 'disable menu anims:i:1';
$disable_themes = 'disable themes:i:1';
$disable_cursor_setting = 'disable cursor setting:i:0';
$bitmapcachepersistenable = 'bitmapcachepersistenable:i:1';
$password = '';
$crnl="\r\n";

// First create the launch directory if not exist
if (!file_exists($file_location)){mkdir($file_location,0777);}

// Now set the pathname+filename
$full_file_name = $file_location . $machine_name ;
//Remove the .rdp suffix from $machine_name
$machine_id = rtrim($machine_name,'.rdp');


if (file_exists($full_file_name)) {$tmp=(unlink($full_file_name));}

if (!$file_handle = fopen($full_file_name,"a")) { echo "Cannot open file"; } 
// Create an RDP file with the details we need from the above defaults
else
fwrite($file_handle, $screen_mode.$crnl);
fwrite($file_handle, $desktopwidth.$crnl);
fwrite($file_handle, $desktopheight.$crnl);
fwrite($file_handle, $session.$crnl);
fwrite($file_handle, $winposstr.$crnl);
fwrite($file_handle, $full_address.$machine_id.$crnl);
fwrite($file_handle, $compression.$crnl);
fwrite($file_handle, $keyboardhook.$crnl);
fwrite($file_handle, $audiomode.$crnl);
fwrite($file_handle, $redirector.$crnl);
fwrite($file_handle, $redirectprinters.$crnl);
fwrite($file_handle, $redirectcomports.$crnl);
fwrite($file_handle, $redirectsmartcards.$crnl);
fwrite($file_handle, $displayconnectionbar.$crnl);
fwrite($file_handle, $autoreconnection.$crnl);
fwrite($file_handle, $username.$crnl);
fwrite($file_handle, $domainname.$crnl);
fwrite($file_handle, $alternate_shell.$crnl);
fwrite($file_handle, $shell_working_directory.$crnl);
fwrite($file_handle, $disable_wallpaper.$crnl);
fwrite($file_handle, $disable_full_window_drag.$crnl);
fwrite($file_handle, $disable_themes.$crnl);
fwrite($file_handle, $disable_cursor_setting.$crnl);
fwrite($file_handle, $bitmapcachepersistenable.$crnl);
fwrite($file_handle, $password.$crnl);


// echo "You have successfully written data to $full_file_name";   
fclose($file_handle); 


}

?>


Finally create another file called launch_rdp.php with this code

Code: Select all
<?
// Include the necessary info to create a suitable .rdp file
include "include_rdp_config.php";

// We need create rights for the web server to create a suitable folder for our files. The include_rdp_config.php will fail if we dont have this.
// However if you create the folder manually, it will work fine, so long as you give file create rights in that folder to the web server.
// This allows us to keep the security a bit tighter.
//

$file_location = ".\launchpad\\";


if (isset($_REQUEST["launch"])) {
    $file=$file_location.$_REQUEST["launch"];
    make_rdp($file_location,basename($file));

    header("Content-type: application/force-download");
    header("Content-Transfer-Encoding: Binary");
    header("Content-length: ".filesize($file));
   header("Content-disposition: attachment; filename=\"".basename($file)."\"");

   readfile("$file");
} else {
// We should never be here, unless we have beeen launched without a suitable ?launch= parameter.
    echo "No file selected to launch.";
}
?>
User avatar
A_Hull
Moderator
 
Posts: 2400
Joined: Tue Jan 25, 2005 3:09 am
Location: Scotland
Top

Re: Remote Desktop (Terminal Service) connection link.

Postby hm2k » Fri May 29, 2009 11:06 am

Neat idea, this should get committed.
hm2k
Newbie
 
Posts: 15
Joined: Fri May 29, 2009 10:30 am
Top

Re: Remote Desktop (Terminal Service) connection link.

Postby A_Hull » Sat May 30, 2009 8:28 pm

This is the Winventry forum, you probably need to use the OpenAudit forum.
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory
User avatar
A_Hull
Moderator
 
Posts: 2400
Joined: Tue Jan 25, 2005 3:09 am
Location: Scotland
Top
Topic locked

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
cron