Sunday, June 30, 2013

How to transfer binary files through an RDP session

This post can a) help you transfer binary files to a server over an RDP session or b) help you close a gap in your server hardening procedures.


a)
Transferring a simple text file is easy: open the file on your local machine and copy and paste its content into a file on the server. But what if you have a binary file, or need to transfer multiple files that you have packed into a zip container?
All Windows PKI users should know the certutil.exe command-line utility. Besides many other functions, it can encode and decode files to and from base64. This was originally intended for converting certificates between the base64 format and the binary format. You can also write a PowerShell script and use the ToBase64String and FromBase64String methods. If you are not familiar with PowerShell, you can use certutil.exe, which is pre-installed on Windows 7, 2008 R2, Windows 8, and Windows 2012.

1. To prepare your file for the transfer, run:

certutil.exe -encode file.zip filezip.txt

2. Next, open filezip.txt with Notepad, select all, and copy it to the clipboard.

3. Open Notepad on the server with the same file name:

notepad.exe filezip.txt

and paste the content from the clipboard. Save the file.

4. The last step is to convert the file back to binary using certutil again:

certutil.exe -decode filezip.txt file.zip

Now you can extract your files from file.zip on the server.

According to comments on this article http://blogs.msdn.com/b/rds/archive/2006/11/20/why-does-my-shared-clipboard-not-work-part-2.aspx
you cannot transfer an arbitrary amount of data through the RDP session. But you can transfer the file in slices; you only have to split the text file. And don't worry about the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the text file.



b)
To prevent these transfers, you must disable the RDP clipboard, either directly in the RDP server settings or through Group Policy settings. It seems that this is a server-wide setting and cannot be set on a per-user basis. You lose a lot of convenience when working on the server console, but it is more secure.
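
A check for part b), as an added example that is not part of the original post: a PowerShell audit that reports whether clipboard redirection is disabled on the server, looking at both the Group Policy value and the RDP listener setting. The fDisableClip registry value is not named in the post, and the rule that a configured policy value overrides the listener value is an assumption.

```powershell
# Added example: audit whether RDP clipboard redirection is disabled on this server.
# fDisableClip = 1 means clipboard redirection is turned off.
$locations = @{
    # Written by the Group Policy setting "Do not allow Clipboard redirection"
    Policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Per-listener setting configured directly on the RDP server
    Listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
}

function Get-ClipSetting {
    param([string]$Path)
    # Returns $null when the key or the value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name 'fDisableClip' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.fDisableClip
}

function Get-RdpClipboardState {
    $policy   = Get-ClipSetting -Path $locations.Policy
    $listener = Get-ClipSetting -Path $locations.Listener

    # Assumption: a configured policy value takes precedence over the listener value.
    if ($null -ne $policy)       { $effective = $policy;   $source = 'Policy' }
    elseif ($null -ne $listener) { $effective = $listener; $source = 'Listener' }
    else                         { $effective = 0;         $source = 'Default' }

    New-Object PSObject -Property @{
        ComputerName      = $env:COMPUTERNAME
        PolicyValue       = $policy
        ListenerValue     = $listener
        DecidedBy         = $source
        ClipboardDisabled = ($effective -eq 1)
    }
}

$state = Get-RdpClipboardState
$state | Format-List
if (-not $state.ClipboardDisabled) {
    Write-Warning 'RDP clipboard redirection is allowed; base64 copy and paste transfers are possible.'
}
```

Run it in an elevated PowerShell session on the RDP server; a PolicyValue that stays empty after a policy refresh means the Group Policy setting is not reaching this machine.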
