Penetration Testing mailing list archives
Re: [PEN-TEST] Finding a Windows machine that a user is logged into
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Wed, 14 Mar 2001 16:13:12 -0300
"Dawes, Rogan (ZA - Johannesburg)" wrote:
Hi Folks, As part of a demonstration I want to do, I need to find a Windows client that a particular user is logged in to. e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP address, so that I can snoop the traffic that he is generating.
You can use the nbtscan. Let me explain.

You do not need to be logged in to the NT Domain to enumerate the Windows machines. The nbtscan returns something like this:

D:\New-CD\CDROM_1\01_OperatingSystem\01_WindowsNT\01_Footprint\NBTScan>nbtscan -t 15 192.168.1.24/24
Doing NBT name scan for addresses from 192.168.1.24/24

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.1.3      SERVER           <server>  SERVER           08-00-2b-e2-9c-59
192.168.1.12     ST_UserA         <server>  UserA            00-00-21-cf-af-38
192.168.1.14     ST_UserB         <server>  UserB            00-e0-7d-91-02-55
192.168.1.105    ST_UserC         <server>  UserC            00-40-33-2f-97-95
192.168.1.251    BDC_SRV          <server>  Admin            00-80-c8-e7-05-f0
192.168.1.253    PDC_SRV          <server>  NTADM            00-80-c8-e7-05-f1

D:\New-CD\CDROM_1\01_OperatingSystem\01_WindowsNT\01_Footprint\NBTScan>

Take a look carefully. In the "NetBIOS Name" column you can see the Workstation's Name and in the "User" column you can see the NT Domain's user name using the Workstation, so 2+2=4. ;)

Another way is to use NTRK's "NETWATCH.EXE", but you'll need Administrator Status to do this.

PS: NTRK == NT Resource Kit != NT RootKit.

That is all,
--
Nelson Brito
Security Analyst, Penetration Tester
Security Networks / IBQN
Avenida General Justo, 365 - 4° Andar - Centro
20.021-130 - Rio de Janeiro - RJ - Brasil
+55.021.282-1351 R. 104
nelson () secunet com br

"Windows NT can also be protected from nmap OS detection scans thanks to *Nelson Brito* ..."
Excerpt from the book "Hack Proofing your Network", page 93