Vulnerability Development mailing list archives
Re: Win2k Server + remote user enumeration
From: bacano () ESOTERICA PT (bacano)
Date: Wed, 10 May 2000 19:52:25 +0100
Because the server is working with DNS, and using host names instead of netbios names? If you can uninstall/disable DNS in that server you'll see that CIS works fine, and the users will be listed in CIS NetBIOS Session Server report. Win2k its designed to work with host names instead of netbios names, so probably the server version default installation includes DNS. No DNS installed, and at cis report got it all(e.g. a win2k default user): Account Name :TsInternetUser The TsInternetUser account is a GUEST, and the password was changed XX days ago. This account has been used X times to logon. Comment :This user account is used by Terminal Services. User Comment : Full name :TsInternetUser (you will have the share, group and account information as usual, but without DNS on that server) [ ]'s Bacano ----- Original Message ----- From: "Joerg Weber" <joerg () FS IS UNI-SB DE> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Tuesday, May 09, 2000 4:36 PM Subject: Win2k Server + remote user enumeration
Hi everyone, I was playing with a new Win2K server today (vanilla install) and poked it with tools like gnit or cis to perform remote user enumeration. Works fine on default workstations, but not on servers. Did MS wise up and change the default permissions in this regard? If so, is it still possible to fetch that info via Active Directory maybe? Cheers, Joerg
Current thread:
- Win2k Server + remote user enumeration Joerg Weber (May 09)
- Re: Win2k Server + remote user enumeration bacano (May 10)
- <Possible follow-ups>
- Re: Win2k Server + remote user enumeration Ollie Whitehouse (May 10)