MSTSC参数说明
首先可以使用mstsc /?来查看关于mstsc的参数说明
根据上述的命令说明,我这里实现的bat文件为
mstsc C:/a.rdp /console /v: xxx.xxx.xxx.xxx:3389
rdp文件生成方法
(下面转载出自https://www.cnblogs.com/ypyhy/p/6113358.html)
最近由于项目需要,需要做一个rdp文件上成,然后可以直接连远程桌面的功能,在度娘和谷叔搜索一番,所得甚少。闲话少说,来点干货:
看看系统给提供的是啥样的
我们要关心得是 用户名和密码,其他参数可以慢慢了解,可是这个密码是怎么加密的呢?
使用的是一个win32里面一个叫crypt32.dll的CryptProtectData方法,好了,关键的时候来咯~~~~
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct DATA_BLOB
{
public int cbData;
public IntPtr pbData;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct CRYPTPROTECT_PROMPTSTRUCT
{
public int cbSize;
public int dwPromptFlags;
public IntPtr hwndApp;
public string szPrompt;
}
[DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool CryptProtectData(ref DATA_BLOB pDataIn, string szDataDescr, ref DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, int dwFlags, ref DATA_BLOB pDataOut);
引用一下win32程序为我们生成密码。
private static string Encrypt(string password)
{
byte[] bytes = Encoding.Unicode.GetBytes(password);
DATA_BLOB dATA_BLOB = default(DATA_BLOB);
DATA_BLOB dATA_BLOB2 = default(DATA_BLOB);
DATA_BLOB dATA_BLOB3 = default(DATA_BLOB);
dATA_BLOB.cbData = bytes.Length;
dATA_BLOB.pbData = Marshal.AllocHGlobal(bytes.Length);
Marshal.Copy(bytes, 0, dATA_BLOB.pbData, bytes.Length);
dATA_BLOB3.cbData = 0;
dATA_BLOB3.pbData = IntPtr.Zero;
dATA_BLOB2.cbData = 0;
dATA_BLOB2.pbData = IntPtr.Zero;
CRYPTPROTECT_PROMPTSTRUCT cRYPTPROTECT_PROMPTSTRUCT = new CRYPTPROTECT_PROMPTSTRUCT
{
cbSize = Marshal.SizeOf(typeof(CRYPTPROTECT_PROMPTSTRUCT)),
dwPromptFlags = 0,
hwndApp = IntPtr.Zero,
szPrompt = null
};
if (CryptProtectData(ref dATA_BLOB, "psw", ref dATA_BLOB3, IntPtr.Zero, ref cRYPTPROTECT_PROMPTSTRUCT, 1, ref dATA_BLOB2))
{
if (IntPtr.Zero != dATA_BLOB.pbData)
{
Marshal.FreeHGlobal(dATA_BLOB.pbData);
}
if (IntPtr.Zero != dATA_BLOB3.pbData)
{
Marshal.FreeHGlobal(dATA_BLOB3.pbData);
}
byte[] array = new byte[dATA_BLOB2.cbData];
Marshal.Copy(dATA_BLOB2.pbData, array, 0, dATA_BLOB2.cbData);
return BitConverter.ToString(array).Replace("-", string.Empty);
}
return string.Empty;
}有密码了,替换掉开始另存为的文件里的密码,我们自己的rdp文件就有咯!
附一个文件内容方法
private static void rdpProfile(string filename, string address, string username, string password, string colordepth)
{
if (File.Exists(filename))
{
File.Delete(filename);
}
using (StreamWriter streamWriter = new StreamWriter(filename, true))
{
streamWriter.WriteLine("screen mode id:i:2");
streamWriter.WriteLine("desktopwidth:i:0");
streamWriter.WriteLine("desktopheight:i:0");
streamWriter.WriteLine("session bpp:i:" + colordepth);
streamWriter.WriteLine("winposstr:s:0,1,0,0,1234,792");
streamWriter.WriteLine("compression:i:1");
streamWriter.WriteLine("keyboardhook:i:2");
streamWriter.WriteLine("audiocapturemode:i:0");
streamWriter.WriteLine("videoplaybackmode:i:1");
streamWriter.WriteLine("connection type:i:6");
streamWriter.WriteLine("displayconnectionbar:i:1");
streamWriter.WriteLine("disable wallpaper:i:1");
streamWriter.WriteLine("allow font smoothing:i:1");
streamWriter.WriteLine("allow desktop composition:i:1");
streamWriter.WriteLine("disable full window drag:i:1");
streamWriter.WriteLine("disable menu anims:i:1");
streamWriter.WriteLine("disable themes:i:1");
streamWriter.WriteLine("disable cursor setting:i:0");
streamWriter.WriteLine("bitmapcachepersistenable:i:0");
streamWriter.WriteLine("full address:s:" + address);
streamWriter.WriteLine("audiomode:i:0");
streamWriter.WriteLine("redirectprinters:i:0");
streamWriter.WriteLine("redirectcomports:i:0");
streamWriter.WriteLine("redirectsmartcards:i:0");
streamWriter.WriteLine("redirectclipboard:i:1");
streamWriter.WriteLine("redirectposdevices:i:0");
streamWriter.WriteLine("redirectdirectx:i:1");
streamWriter.WriteLine("drivestoredirect:s:");
streamWriter.WriteLine("autoreconnection enabled:i:1");
streamWriter.WriteLine("authentication level:i:2");
streamWriter.WriteLine("prompt for credentials:i:0");
streamWriter.WriteLine("negotiate security layer:i:1");
streamWriter.WriteLine("remoteapplicationmode:i:0");
streamWriter.WriteLine("alternate shell:s:");
streamWriter.WriteLine("shell working directory:s:");
streamWriter.WriteLine("gatewayhostname:s:");
streamWriter.WriteLine("gatewayusagemethod:i:4");
streamWriter.WriteLine("gatewaycredentialssource:i:4");
streamWriter.WriteLine("gatewayprofileusagemethod:i:0");
streamWriter.WriteLine("promptcredentialonce:i:1");
streamWriter.WriteLine("use redirection server name:i:0");
streamWriter.WriteLine("use multimon:i:0");
if (!string.IsNullOrEmpty(username))
{
streamWriter.WriteLine("username:s:" + username);
}
if (!string.IsNullOrEmpty(password))
{
streamWriter.WriteLine("password 51:b:" + password);
}
}
}
————————————————————————————————————————————————————————————————————————————————————————————————————————————————
更改mstsc远程端口方法
Windows 系统中的远程终端服务是一项功能非常强大的服务,同时也成了入侵者长驻主机的通道,入侵者可以利用一些手段得到管理员账号和密码并入侵主机。下面,我们来看看如何通过修改默认端口,防范黑客入侵。
众所周知,远程终端服务基于端口3389。入侵者一般先扫描主机开放端口,一旦发现其开放了3389端口,就会进行下一步的入侵,所以我们只需要修改该务默认端口就可以避开大多数入侵者的耳目。
步骤:
1、打开“开始→运行”,输入“regedit”,打开注册表,进入以下路径:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp,看见PortNamber值了吗?其默认值是3389,修改成所希望的端口即可,例如6111。
2、再打开
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentContro1Set\Control\Tenninal Server\WinStations\RDP\Tcp,将PortNumber的值(默认是3389)修改成端口6111。
3、修改完毕,重新启动电脑,以后远程登录的时候使用端口6111就可以了。