PaulDotCom mailing list archives

Re: user enumeration through RDP


From: Matt <matt () fireantsecurity co uk>
Date: Thu, 18 Apr 2013 15:36:33 +0100

You can do more than that. Can't say much more but RDP has some useful "features" that can be leveraged to gain a 
higher level of access if you know your way round Windows API.

Sent from my iPhone

On 18 Apr 2013, at 01:36, Robin Wood <robin () digininja org> wrote:

I've just noticed a nice little trick for user enumeration. The client I'm testing has RDP on almost every Windows 
machine and when you connect to them, if there is a user already connected they tell you who it is. Luckily here most 
of them do have someone logged in. It is a manual job but has got me a nice little stash of usernames which is good 
as all my usual techniques failed. Of extra lucky, by naming and subnets I know which the servers are so I'm assuming 
users connected to them are either admins or at least have more privileges than a normal user.

Thought others might find it useful.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com