Article directory
foreword
Many companies have their own computer rooms, and there will be several servers in the computer room to provide services for employees and users. You can think about it: Suppose this company has hundreds of servers. As network engineers, we have to maintain these servers every day, and then run up and down the computer room with a mouse and keyboard every day. Is this appropriate?
Obviously inappropriate, we can enable the remote management of these servers in advance, and configure the IPs of these servers so that they can all be connected to the Internet. Then we just need to sit in the office and drink tea, and remote management is fine. Not only do you not need to go to the computer room, but you also don’t need to configure a keyboard and mouse for each server in the computer room. As the saying goes: in the midst of strategizing, the decisive victory is thousands of miles away. Today I will give you a detailed introduction to the remote management of the server .
1. Types of remote management
There are 2 types of Windows server remote management :
- Graphical remote management, also called remote desktop
- Command line remote management, also called telnet remote
Telnet is a very well-known protocol in the world, itSupport to allow a certain device to be controlled remotely by others with commands. For example, if I don’t want to go to the computer room in the future, I can turn on all the routers, switches, firewalls and other network devices, system devices, and server devices that you can see in the computer room, and turn on their telnet. can be operated. There is a saying in the industry:telnet can telnet the whole world, and then look at these two remote methods separately.
2. Remote Desktop
Let's look at the remote desktop first , and we need to do experiments to demonstrate. The topology diagram of the two devices used in the experiment is as follows:
In reality, even if two people are far away, you can control him remotely. Today is an experiment. We don't need to build a very large network, as long as the two computers can communicate.
To do this experiment, we can open a virtual machine with a Windows XP system and a Windows server 2003 system. Connect both of them to VMnet1 , that isConnect the two virtual machines to the same switch. One IP address is assigned 10.1.1.1 , the other IP address is assigned 10.1.1.2 , and the subnet mask is 255.255.255.0 . Then ping the two , that is, they can communicate, you can open the remote desktop of the 2003 server , and finally use the XP computer to connect to complete the remote management.
Proceed as follows:
- First configure the network for the two virtual machines, andRealize that the client and server can communicate with each other。
- The server is enabled to allow remote control : right-click My Computer Properties → Remote Settings → select Allow → OK .
- On the client computer: Start → Run →Enter mstsc to openremote connection tool。
- on the mstsc toolEnter the IP of the serverand click OK .
- Enter the server 'saccount and password。
注意:如果使用非管理员账户登录远程,需要在服务器上将用户加入到远程桌面内置组 Remote Desktop Users 中。
Just looking at the steps, many friends still have no idea, so let's start the experiment directly. First open these two virtual machines: Windows XP and Windows server 2003 .
First put the two virtual machines on the same network card VMnet1 (that is,connected to the same switch),Proceed as follows:
- Right-click winxp-1 , which is the name of the virtual machine, and select [ Settings ] in the pop-up drop-down list
- Click [ Network Adapter ], select [ Custom ] under [ Network Connection ] , click to open the list, select [ VMnet1 (host mode only) ], and click [ OK ]. Configure the 2003 virtual machine in the same way. After the configuration, the two devices are connected tosame LANinside.
Then configure IP for the two virtual machines, taking XP as an example, the steps are as follows:
- Right-click [ My Network Places ], and select [ Properties ] in the pop-up drop-down list
- Right-click [ Local Area Connection ], and select [ Properties ] in the pop-up drop-down list
- Double-click [ Internet Protocol (TCP/IP) ]
- Configure the IP address as 10.1.1.1 and the subnet mask as 255.255.255.0 , click [ OK ], click [ OK ]. Configure the 2003 virtual machine in the same way, set the IP to 10.1.1.2 , and configure the subnet mask to 255.255.255.0.
The network and IP of the two devices are configured, test the connectivity, enter the XP computer, press win + R to open the run box, enter cmd to enter the console, and enter the command in the console: ping 10.1.1.2 , as shown in the figure below The ping is successful, and the two devices can communicate with each other.
Next, use the XP computer to remotely manage the Windows server 2003 server, first enable the remote desktop settings of the 2003 server, that is, allow other computers to remotely control the desktop of this server, the steps are as follows:
- Enter the 2003 virtual machine, right-click [ My Computer ], and select [ Properties ] in the pop-up drop-down list
- Click [ Remote ], check [ Enable Remote Desktop on this computer ], a pop-up window will pop up, click [ OK ], and then click [ OK ] below
Then use the XP computer to connect remotely, the steps are as follows:
- Enter the XP virtual machine, click [ Start ] in the lower left corner, click [ Run ]
- Enter the command in the pop-up run box: mstsc , click [ OK ] to openremote connection tool
- Write the IP address of the remote computer here, such as the IP address of the 2003 server 10.1.1.2 , and click [ Connect ]
注意:这一步点击【连接】之后如果长时间没有反应,证明对方那台电脑没有开启远程桌面,要让对方开启一下,方法就是上面刚讲的。
- After clicking, you can normally see the following interface, which is obviously the login interface of the Windows server 2003 server
Now here comes the question: where is the user name and password for entering the XP computer? Or enter the user name and password of the Windows server 2003 server?
Obviously, you need to enter the username and password of the Windows server 2003 server, because that server is what we want to log in remotely.
The next step is to enter the user name and password. Speaking of which, I will tell you about it.Server administrators will not hand over their administrator users to others, if someone else wants to remotely log in to assist in managing this server, the server administrator will generallyCreate a common user and password to others, which is also for the sake of server security.
Back on the 2003 server, we enter the console , create a common user a , and the password is also a , the command is: net user aa /add , as shown in the figure below:
Go back to the remote login page on XP and enterusername a,password a, click [ OK ], you can see the following picture:
The meaning of this pop-up window is: ordinary users do not have the permission to log in remotely, then we need to grant permissions to this ordinary user, that is, add ordinary user a to the built-in group Remote Desktop Users of the remote desktop .
Back in the 2003 server willnormal user aAdd to the remote desktop built-in group , the steps are as follows:
- Right-click [ My Computer ] and select [ Manage ] from the pop-up drop-down list
- Find [ Local Users and Groups ] and double-click to open it, then double-click to open [ Groups ]
- Find [ Remote Desktop Users ] and double-click to open it, and add, why not use the command to directly add user a to the remote desktop group. It’s because the group name is too long, so I add it directly with the graphical interface. If some friends want to add it with commands, they can also use commands. If you don’t know how to use commands, you can read my previous blog [Introduction to User and Group Management ] . In addition, if you use a command, you need to add double quotes to Remote Desktop Users to wrap it as a whole, because there is a space in the group name, if you don’t add it, the system will recognize it as multiple commands and report an error
- It can be seen that there are currently no users in this remote desktop group, but the administrator account (that is, administrator) has this permission, and the administrator has all the permissions without additional grants.
- We can verify to see if the administrator can directly log in remotely, go back to the remote interface in the XP virtual machine, enter the user name administrator and password, and click [ OK ]
- You can see that the desktop of the Windows server 2003 server has been logged in
- You can create various files in it, leaving some garbage
- Let’s go back to the Windows server 2003 server and you can see the following picture, there are already so many files, all of which are the garbage left by the remote operation just now
- It has just been verified that although the administrator is not in the remote desktop group, he has the remote login authority. Let's continue the above steps and putnormal user aAdd to the remote desktop group , click [ Add ] in the remote desktop group just opened
- Enter a here and click [ OK ]
- Here is a reminder that there are several users starting with a , we will choose the first one, and click [ OK ]
- You can see that user a has been added to the remote desktop group , click [ OK ]
- Go back to the XP computer, click the cross on the top, and click [ OK ] in the pop-up window , thenThe representative turns off the remote, back to XP's own desktop
- After returning to the XP desktop, click [ Start ] in the lower left corner, click [ Run ], enter mstsc , and click [ Connect ] to come to the remote login page of 2003
- enterusername a,password a, click [ OK ]
- You can see that the remote login is successful. The reason why the following interface appears is that user a is logging in for the first time, and the system is creating a home directory for him.
- You can see that you are logged in as user a , and the desktop is different from the desktop of the administrator user just now, without any junk files.The same computer, different users log in, the desktop is different, because each user has its own home directory, If you still don’t understand this piece of knowledge, you can read the blogger’s previous blog [ Introduction to User and Group Management ]
The above is the entire introduction to the use of remote desktop management (graphical remote management) , and then look at the remote method of the telnet command line .
Three, telnet command line remote
What I saw using the remote desktop just now was the graphical interface of the other party . Now what I see remotely using telnet is the command line , not the desktop. Then the [ commands commonly used by hackers ] mentioned by the blogger in the previous blog will come in handy. Including the configuration of switches, routers, and firewalls mentioned later, telnet will also be used.
Let's get in touch todayHow to enable telnet on Windows server, using telnet remotely is alsoYou need to configure the IP and other parameters of the two devices first to ensure that they can communicate with each other., because we have configured two virtual machines just now, let’s directly see how to enable telnet, the steps are as follows:
- Enter the 2003 server, click [ Start ] in the lower left corner, click [ Run ], enter the command in the run box: services.msc , this command is to open the service management window, click [ OK ]
- Come to the service interface, in factThe telnet service is disabled by default, we need to open it, once it is opened, others can connect to my service. Swipe down to find the telnet service, because there are many services, it is slow to find when you swipe down, let me teach you a trick,Select any service with the mouse, and then press the T key (that is, the initial letter of telnet) to quickly locate all services beginning with T, find the telnet service, you can see that it is disabled , as shown below
- usStart the telnet service,ThenChange the startup type to automatic, so that the service will be automatically started every time the computer is turned on. Double-click to open Telnet , change [ Startup Type ] to Automatic , and click [ Apply ]
- Click [ Start ], click [ OK ]
- You can see that the Telnet service has been started, as shown below
After enabling the telnet service of the Windows server 2003 server, it means that on the XP computer, weNot only through the mstsc remote desktop connection toolto control the 2003 server,You can also use the command line through the consoleto remotely control the server. The steps to connect remotely using the telnet command line are as follows:
- We enter the XP virtual machine, press the win + R keys at the same time to open the run box , enter cmd and press Enter to enter the console
- Enter telnet 10.1.1.2 in it , and the following IP address isThe IP address of the computer you want to remote, then press Enter
- Wait for a while after pressing Enter, you can see the dialogue shown in the figure below, hereIt doesn't matter if you enter y or n, this is a tasteless setting. We just enter n, press Enter after entering
- After pressing Enter, you can see the prompt Welcome to Microsoft's telnet service, we enter the user name a, press Enter, and then enter the password (herepassword is not displayed), and then press Enter, see the following picture
It can be seen from the figure above that the connection failed, but the telnet service has been enabled on the Windows server 2003 server, so why can’t it connect?
Everyone still remember when we remote desktop just now,Only the administrator has the permission to remotely control by default, and ordinary user a has no permission, is added later. In fact, the telnet service is the same. By default, only administrators have permission, and ordinary users are not allowed. usNeed to add telnet remote permission to user a,Proceed as follows:
- Go back to the 2003 server, right-click [ My Computer ], and click [ Manage ] in the pop-up drop-down list
- Double-click to open [ Local Users and Groups ], select [ Group ] and double-click to open
- Just now we looked at the Remote Desktop Users remote desktop group, you can see the TelnetClients group down, double-click to open this group
- Click【Add】
- Enter a and click [ OK ]
- Select the first one and click [ OK ]
- Click [ OK ]
Nownormal user aAlso have the telnet remote management authority, we go back to the console of the XP virtual machine, enter telnet 10.1.1.2 again , and press Enter
Enter n and press Enter
Enter the user name a, press Enter, enter the password a, press Enter, and you can see that the login is successful. As shown in the figure below, what you see now is the console interface of the Windows server 2003 server, not the console interface of XP
We can verify it, enter the command d:, press Enter to enter the D drive, enter the command md home , press Enter, it is equivalent to the D drive of this computer in Windows server 2003Created a folder named Hometown. These commonly used commands and those who are not familiar with them can read the blogger’s previous blog [ commands commonly used by hackers ]
Go back to the 2003 server, open the D drive, and you can see the home folder. This means that the operation we just did on the command line is for the 2003 server, that is, the remote control is successful
So far, the telnet command line remote method has been introduced.
4. View local open ports
I would like to add another knowledge point to everyone. Before attacking a certain host, hackers usually scan it to see if the target host isWhich port numbers are open, that isWhat services are open. We just opened the telnet service , which corresponds to a certain port number.
Teach you a command: netstat -an , this command is to view all ports open on this machine , and each port corresponds to a service. Enter the Windows server 2003 server, open the command line , enter netstat -an , and press Enter to see the following figure:
The port number 23 in the figure is the port of telnet remote service , and the port number 3389 is the port of remote desktop service , which means that the current computer isOpen telnet remote service and remote desktop service. That is to say, hackers can remotely connect and control this computer, but they don’t know the user name and password. Of course, these can be cracked by technical means, such as brute force cracking, and they can be controlled remotely after getting it.
注意:远程桌面协议的英文简写是RDP,日后在公司做网安工作经常会听到这个名词,有没有开启RDP服务,其实就是有没有开启远程桌面服务。
The previously popular ransomware virus used port 445 , and 445 is the port number of the file sharing service . The ransomware sneaks into our computer through port 445, and then encrypts all files. So we generally still have toclose port 445, that isTurn off the file sharing service, After turning it off, the virus will not be able to enter our computer. For the specific shutdown method, please refer to the blogger’s previous article [ File Sharing Server ].