PaulDotCom mailing list archives
Re: user enumeration through RDP
From: Robin Wood <robin () digininja org>
Date: Tue, 23 Apr 2013 16:15:40 +0100
I'm at a talk on rdp at 44cafe now and will be at BSides tomorrow.

Robin

On Apr 23, 2013 3:55 PM, "Matt" <matt () fireantsecurity co uk> wrote:

> If you are at BSidesLondon tomorrow we can chat then.
>
> Sent from my iPhone
>
> On 21 Apr 2013, at 23:05, Robin Wood <robin () digininja org> wrote:
>
>> On 18 April 2013 15:36, Matt <matt () fireantsecurity co uk> wrote:
>>
>>> You can do more than that. Can't say much more but RDP has some useful "features" that can be leveraged to gain a higher level of access if you know your way round windows api.
>>
>> Pointers to any info? I don't know much about the windows API but might be worth looking at.
>>
>>> Sent from my iPhone
>>>
>>> On 18 Apr 2013, at 01:36, Robin Wood <robin () digininja org> wrote:
>>>
>>>> I've just noticed a nice little trick for user enumeration. The client I'm testing has RDP on almost every windows machine and when you connect to them, if there is a user already connected they tell you who it is. Luckily here most of them do have someone logged in. It is a manual job but has got me a nice little stash of usernames which is good as all my usual techniques failed.
>>>>
>>>> Of extra lucky, by naming and subnets I know which the servers are so I'm assuming users connected to them are either admins or at least have more privileges than a normal user.
>>>>
>>>> Thought others might find it useful.
>>>>
>>>> Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com