Penetration Testing mailing list archives

Re: [PEN-TEST] Finding a Windows machine that a user is logged in to


From: "Toth, Laszlo" <Laszlo.Toth () KPMG HU>
Date: Wed, 14 Mar 2001 10:52:09 +0100

nbtstat -A ipaddress
nbtstat -a machinename

Unfortunately you have to write a script to test all machines. Try to use net
view to get the input of the script.


-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes () DELOITTE CO ZA]
Sent: Tuesday, March 13, 2001 9:08 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Finding a Windows machine that a user is logged into


Hi Folks,

As part of a demonstration I want to do, I need to find a Windows client
that a particular user is logged in to.

e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP
address, so that I can snoop the traffic that he is generating.

It is clearly possible to get this info, as for example tools like "net send
rdawes message" do it.  Having done that, I can look in my machine cache
using "nbtstat -c" to see who I've been talking to.

This is a bit obtrusive, though. I don't want to warn the user that I am
watching them, which the "net send" would do.

Does anyone have an idea how I can do this quietly?

Rogan

