0

I managed to change the port or remote desktop on my Windows Server 2016, using REGEDIT. But the problem began when I forgot to open that port in the firewall, so therefor I can no longer access remote desktop.

The server is still running a website that can run PHP code, and a java minecraft server, and I have FTP access to those.

The problem is that running things like exec with php that is suppose to run command lines, isn't elevated to admin privileges, and of course UAC isn't an option since i can't click anything.

So my question is, is there any way I can restore the RDP port, without admin privileges, or any way to remotely elevate so I can open the port with either CMD or PowerShell?

Many of the answers that are out there haven't worked.

Edit: Current access:

  • Running non-elevated cmd/PowerShell commands via PHP or Java
  • Full FTP access for the Website, and Java server

Edit 2:

RDP connection does connect using FPipe, but gives "Internal Error occurred".

Problem solved!

Using FPipe with java made me access RDP! I can now access it again. Thanks for all help!

Jocke155
  • 3
  • 1
  • 5
  • Can you use whatever access you have to start a netcat reverse shell, then use `psexec` to elevate, and fix the RDP port, firewall, or enable powershell remoting? – Zoredache Dec 08 '16 at 23:02
  • I've never started a netcat shell before, but I guess I could try if that works. – Jocke155 Dec 08 '16 at 23:09
  • Is there any chance I can redirect RDP traffic from the already open port 3389, to the new one, locally? – Jocke155 Dec 08 '16 at 23:15
  • @Jocke155 Is this server running in a cloud service, like Azure or AWS? – Drifter104 Dec 09 '16 at 15:49
  • @Drifter104 No, it's just a regular computer running Windows server 2016, with the inbuilt functions, only iis and a java server is running on it. – Jocke155 Dec 09 '16 at 16:47

1 Answers1

0

Just an untested hacky attempt...

Using netcat to portward..

Upload 3 files via FTP

  1. fpipe.exe ( http://www.mcafee.com/us/downloads/free-tools/fpipe.aspx )
  2. forward.php
  3. forward.bat

Content of forward.php:

<?php
function execInBackground($cmd) { 
        pclose(popen("start /B ". $cmd, "r"));  
} 

execInBackground("forward.bat");
?>

content of forward.bat (replace 8888 with your new RDP port)

fpipe -l 3389 -s 3389 -r 8888 127.0.0.1

Visit forward.php via webbrowser and then attempt to connect via RDP port 3389

Community
  • 1
eKKiM
  • 1,540
  • 9
  • 23
  • Just tried this, doesn't seem to work. Should I use the nc64, and should it be "netcat" or nc.exe in the bat? – Jocke155 Dec 08 '16 at 23:52
  • When i run `"nc.exe" -L 127.0.0.1:3389 -p 3339 -vvv` locally, I get this error: `forward host lookup failed: h_errno 11001: HOST_NOT_FOUND` – Jocke155 Dec 09 '16 at 00:19
  • I replaced netcat with fpipe in my answer. The windows version of netcat seems to have issues with the port forwarding method. – eKKiM Dec 09 '16 at 14:02
  • that command seems to give the WSAEACCES 10013 error (Permission denied) – Jocke155 Dec 09 '16 at 15:23
  • I changed the port to another one that I know is open, and it doesn't give the error. I still can't connect, but I can see that Fpipe is running since I can't delete it in FTP. – Jocke155 Dec 09 '16 at 15:33
  • I did the same thing above, but with Java, and the result is that it actually can connect, but RDP gives "An internal error occurred, so this is a new problem – Jocke155 Dec 09 '16 at 16:52
  • Internal error resolved by replacing 8888 to the new RDP port. (Yes I forgot to do that when i programmed it in java.) I can now access RDP again! – Jocke155 Dec 09 '16 at 17:17