Coffeehouse Thread

21 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Best RDP, to avoid firewall?

Back to Forum: Coffeehouse
  • User profile image
    Chadk

    My new school have blocked pretty much all posssible port.

    But i need to remote desktop into my computer at home.

    Alot of free services allows you to connect to your computer in ways that will ignore the firewall. But i dont wanna be stuck to a web browse, which most of the software does.

    What do you recommend for remote desktoping trough a firewall?   

  • User profile image
    cheong

    I think you should obtain more information about the firewall first before seeking suggestions.

    Sometimes they just don't bother to block RDP. The other performs packet check on outgoing packets so even Web RDP client and HTTP channeling technique won't do.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    Chadk

    cheong wrote:
    I think you should obtain more information about the firewall first before seeking suggestions.

    Sometimes they just don't bother to block RDP. The other performs packet check on outgoing packets so even Web RDP client and HTTP channeling technique won't do.


    Trying wont kill.

    And its not like my network administrator would tell me either, would he? Wink

  • User profile image
    rcardona

    Can you ssh into your home computer? You might be able to setup an ssh port forwarder tunnel for RDP

  • User profile image
    Chadk

    rcardona wrote:
    Can you ssh into your home computer? You might be able to setup an ssh port forwarder tunnel for RDP

    I can at least give it a good try Wink

  • User profile image
    jgillette

    Our work blocks most outgoing ports. To over come that I set the Windows RDP port on my home maching to port 8080, which is allowed through. You could give that a shot.

    http://support.microsoft.com/kb/306759

  • User profile image
    W3bbo

    Chadk wrote:
    My new school have blocked pretty much all posssible port.

    But i need to remote desktop into my computer at home.

    Alot of free services allows you to connect to your computer in ways that will ignore the firewall. But i dont wanna be stuck to a web browse, which most of the software does.

    What do you recommend for remote desktoping trough a firewall?   


    My college has decided to be "progressivly evil".

    Whilst there are still clandestine ways to open mstsc.exe under our Limited user accounts, it seems in the past few months they've enabled some kind of deep-packet inspection, they use ISA which does DPI, so it makes sense.

    Initially they just blocked the default RDP port, I could still get through on custom ports (refer to the posted MS KB article, you can also create a secondary TCP connection so you can accept on both the default port and an arbitrary second port). But as I said, within the past few months it looks like they do DPI.

    There's always tunneling or VPN, but you can't really do that on systems where you can't install your own tunnel or VPN client software, so SSH will be of zero help.

    Let me know if you find any solutions, I'm interested too.

    BTW, what happens if you run multiple instances of VNC from within multiple Terminal Services sessions?

  • User profile image
    GoddersUK

    W3bbo wrote:
    
    Whilst there are still clandestine ways to open mstsc.exe under our Limited user accounts,


    Is that just in reference to accessing root C drive to get the file or to running it as well. My experience is that they ban all non-approved exes (basicaly we can only run stuff like office no other exes (not even ones already on the system).

    That would be interesting to know. Specialy since I just found another way to get to the root drive on the school pcs.

  • User profile image
    Sven Groot

    W3bbo wrote:
    
    Chadk wrote:
    My new school have blocked pretty much all posssible port.

    But i need to remote desktop into my computer at home.

    Alot of free services allows you to connect to your computer in ways that will ignore the firewall. But i dont wanna be stuck to a web browse, which most of the software does.

    What do you recommend for remote desktoping trough a firewall?   


    My college has decided to be "progressivly evil".

    Whilst there are still clandestine ways to open mstsc.exe under our Limited user accounts, it seems in the past few months they've enabled some kind of deep-packet inspection, they use ISA which does DPI, so it makes sense.

    I wonder if you set up RDP to use SSL-based encryption if it would circumenvent the packet inspection. How to configure RDP for this is indicated in this article. The one thing I wouldn't do from that article is enabling the FIPS setting, it has the tendency to break some things in particular a lot of .Net 2.0 apps. .Net 2.0 enforces the FIPS setting but this has the end result that if someone uses any of the managed cryptography classes (e.g. System.Security.Cryptograpy.SHA1Managed) which aren't FIPS compliant it will cause an exception. Unfortunately some pieces of the framework itself (e.g. ClickOnce) use these classes so it's really not safe to set that policy. So do everything from that article except changing the FIPS setting.

    I'm not entirely sure if the stuff from that article requires the RDP6 client. If it does, it'll probably not help you since they probably won't have that.

    EDIT: It may also require Vista on the server side of the RDP, which would also make it useless to you. Still, I wonder if this would work to circumvent the packet inspection.

    W3bbo wrote:
    There's always tunneling or VPN, but you can't really do that on systems where you can't install your own tunnel or VPN client software, so SSH will be of zero help.

    SSH clients like PuTTY don't need any installation, but if you can't run any of your own executables that won't help.

  • User profile image
    Deactivated User

    Comment removed at user's request.

  • User profile image
    Matthew van Eerde

    Chadk wrote:
    And its not like my network administrator would tell me either, would he?


    Depends how you ask... if you say "how can I avoid the firewall" you probably won't get far.  If you say "I need to RDP into my machine at work to do (thus-and-such-thing with an unquestionable educational purpose)" you have a better chance.

  • User profile image
    W3bbo

    GoddersUK wrote:
    Is that just in reference to accessing root C drive to get the file or to running it as well. My experience is that they ban all non-approved exes (basicaly we can only run stuff like office no other exes (not even ones already on the system).

    That would be interesting to know. Specialy since I just found another way to get to the root drive on the school pcs.


    Nope.

    My college's RM systems use a whitelist of locations where executables can be ran, the filename is meaningless.

    AFAIK, the locations are C:\Program Files\, C:\Windows, C:\RM, and a few others

    Obviously VB Macros in Word, Excel, etc... are blocked, except for Access, which is fortunate. All you need to do is write a program which copies your executable from a USB stick to C:\Program Files\, then calls ShellExecute.

    Just don't forget to delete the file after you're done, just in case. Also, it helps to rename the copied file to "WINWORD.EXE" or something too.

    Now that I've told you my secret, what's yours? Smiley

  • User profile image
    W3bbo

    Matthew van Eerde wrote:
    
    Chadk wrote:
    And its not like my network administrator would tell me either, would he?


    Depends how you ask... if you say "how can I avoid the firewall" you probably won't get far.  If you say "I need to RDP into my machine at work to do (thus-and-such-thing with an unquestionable educational purpose)" you have a better chance.


    No dice, they can always pull the "you can bypass our anti-pron filter" card... which they invariably do.

    But the "I was doing it for educational reasons" excuse has saved my arse a few times, which is fortunate because my college has a "two strikes, then you get banned for a week"

  • User profile image
    GoddersUK

    I forgot the big one.

    The default BIOS password on all RM PCs is RM

    Tongue Out

  • User profile image
    GoddersUK

    W3bbo wrote:
    My college's RM systems use a whitelist of locations where executables can be ran, the filename is meaningless.

    AFAIK, the locations are C:\Program Files\, C:\Windows, C:\RM, and a few others

    Obviously VB Macros in Word, Excel, etc... are blocked, except for Access, which is fortunate. All you need to do is write a program which copies your executable from a USB stick to C:\Program Files\, then calls ShellExecute.

    Just don't forget to delete the file after you're done, just in case. Also, it helps to rename the copied file to "WINWORD.EXE" or something too.

    Now that I've told you my secret, what's yours?


    That could come in handy, I've found a couple of ways to browse to C:/ root Wink

    You want secrets about school systems eh?

    Just find which teachers have admin accounts. I'd be willing to bet at least one of them still had default (my school also gave admin to teachers that were more worried that we'd read there email then reaked system wide damage (we found a couple of teachers with admin accounts that didn't even know how to change the password)).

    Macros yep not blocked I'm just too lazy to do anything that way (we can even access a version of vb and so run uncompiled programmes that could cause damage/allow us free reign Wink)

    I know a good thing to do if you college has an both rm cc2 and cc3 networks (allows you to browse the network).

    Secure urls aren't blocked by our web filter (we can't get http://mail.google.com but we can get https://mail.google.com).

    There's a program that will let me browse to C: root which I don't think it should.

    There's another thing that involves unplugging from the network at just the right moment but when I tried that the pc stopped working [6].

    Now I just have to hope you're not an admin at my school pretending to be someone else.

    EDIT: Older (designed for win 9x) programmes are the ones that normaly let you browse to C:/

  • User profile image
    W3bbo

    GoddersUK wrote:
    
    W3bbo wrote:
    My college's RM systems use a whitelist of locations where executables can be ran, the filename is meaningless.

    AFAIK, the locations are C:\Program Files\, C:\Windows, C:\RM, and a few others

    Obviously VB Macros in Word, Excel, etc... are blocked, except for Access, which is fortunate. All you need to do is write a program which copies your executable from a USB stick to C:\Program Files\, then calls ShellExecute.

    Just don't forget to delete the file after you're done, just in case. Also, it helps to rename the copied file to "WINWORD.EXE" or something too.

    Now that I've told you my secret, what's yours?


    That could come in handy, I've found a couple of ways to browse to C:/ root

    You want secrets about school systems eh?

    Just find which teachers have admin accounts. I'd be willing to bet at least one of them still had default (my school also gave admin to teachers that were more worried that we'd read there email then reaked system wide damage (we found a couple of teachers with admin accounts that didn't even know how to change the password)).

    Macros yep not blocked I'm just too lazy to do anything that way (we can even access a version of vb and so run uncompiled programmes that could cause damage/allow us free reign )

    I know a good thing to do if you college has an both rm cc2 and cc3 networks (allows you to browse the network).

    Secure urls aren't blocked by our web filter (we can't get http://mail.google.com but we can get https://mail.google.com).

    There's a program that will let me browse to C: root which I don't think it should.

    There's another thing that involves unplugging from the network at just the right moment but when I tried that the pc stopped working .

    Now I just have to hope you're not an admin at my school pretending to be someone else.

    EDIT: Older (designed for win 9x) programmes are the ones that normaly let you browse to C:/


    Nothing I didn't already know. I was thinking more along the lines of buffer-overflows in the RM utilities that run with SYSTEM credentials.

  • User profile image
    AndyC

    W3bbo wrote:
    
    Obviously VB Macros in Word, Excel, etc... are blocked, except for Access, which is fortunate. All you need to do is write a program which copies your executable from a USB stick to C:\Program Files\, then calls ShellExecute.


    They lock the machines down, but let you write to Program Files?

    Wow. Just wow!

  • User profile image
    W3bbo

    AndyC wrote:
    
    W3bbo wrote:
    
    Obviously VB Macros in Word, Excel, etc... are blocked, except for Access, which is fortunate. All you need to do is write a program which copies your executable from a USB stick to C:\Program Files\, then calls ShellExecute.


    They lock the machines down, but let you write to Program Files?

    Wow. Just wow!


    Mysteries of the universe Smiley

    Actually I believe it's because of a number of legacy teaching apps they use that store application settings in local INI files. But even then, Write access should only be applied to each application's directories and not the whole dir.

    I think it's the default setup common to all RM environments or something, there was a similar vulnerability in the last two schools I've been at who ran the same RM system.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.