Penetration Testing mailing list archives
Re: [PEN-TEST] Finding a Windows machine that a user is logged in to
From: "Lucyga,Dierk - Munich" <DLucyga () MUNICHRE COM>
Date: Thu, 15 Mar 2001 14:03:50 +0100
From: Mike Sues [SMTP:msues () cinnabar ca]
Sent: Wednesday, March 14, 2001 4:35 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Finding a Windows machine that a user is logged into

you need to send a NetBIOS name query for the NetBIOS service RDAWES<0x03>. This is the Messenger service (i.e. type 0x03) for the username in question. If the client uses WINS, send the query to the WINS server. Otherwise, if the suspected client is on the same subnet, to the broadcast address; the client will then respond. If it's not on the same subnet and WINS is not used, if you have a range of IP addresses, send a name query for RDAWES<0x03> to each IP address; the client will then respond.

I don't think searching for 0x03 entries in WINS and/or the name cache is feasible at all, as the workstation service also registers its name with 0x03. If you're doing an un-educated pen test and there is no obvious distinctive feature in the various names, you won't be able to tell apart user names and workstation names.

Regards,
Dierk Lucyga
IS Office
Tel.: (089) 3891-4720
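
For defenders, the per-address name query described in the quoted message is visible on UDP/137. The following is an added example, not code from either poster: it decodes NetBIOS name query requests (RFC 1001/1002 first-level encoding) and flags a source that asks several distinct hosts for the same NAME<03>. The function names, the threshold and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: pad to 15 chars, add suffix, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def build_query(txid, name, suffix):
    """Build a name query payload, used here only to construct sample input."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">HH", 0x0020, 0x0001)

def parse_query(payload):
    """Return (name, suffix) for an unscoped NBNS name query request, else None."""
    if len(payload) < 50:
        return None
    _, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount < 1:  # response / non-query opcode
        return None
    enc = payload[13:45]
    if payload[12] != 0x20 or payload[45] != 0 or any(not 0x41 <= c <= 0x50 for c in enc):
        return None
    if struct.unpack(">H", payload[46:48])[0] != 0x0020:  # NB question, not NBSTAT
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def find_sweeps(packets, threshold=3):
    """Flag sources asking several distinct hosts for the same NAME<03>.

    As the reply notes, <03> is registered for workstation names as well as
    user names, so a hit shows a name being hunted, not that it is a user.
    """
    seen = defaultdict(set)
    for src, dst, payload in packets:
        query = parse_query(payload)
        if query and query[1] == 0x03:
            seen[(src, query[0])].add(dst)
    return {key: sorted(dsts) for key, dsts in seen.items() if len(dsts) >= threshold}

# Constructed sample traffic: (source IP, destination IP, UDP/137 payload)
SAMPLE = [("10.0.0.50", f"10.0.0.{i}", build_query(i, "RDAWES", 0x03)) for i in range(1, 5)]
SAMPLE += [
    ("10.0.0.8", "10.0.0.2", build_query(9, "RDAWES", 0x03)),      # single lookup
    ("10.0.0.7", "10.0.0.255", build_query(10, "FILESRV", 0x20)),  # server service name
]

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))
```

Queries carrying a NetBIOS scope are skipped by this parser for brevity.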