PaulDotCom mailing list archives

Re: user enumeration through RDP

From: Robin Wood <robin () digininja org>
Date: Sun, 21 Apr 2013 23:04:42 +0100

On 18 April 2013 15:16, Nicholas B. <nberthaume () gmail com> wrote:

There are GPOs/local policies to suppress this, but by default it is
configured to disclose this info at least on systems running up to 2008R2
(haven't looked into 2012/win8).  You can also check for things like seeing
if the administrator account has been renamed or not as well as the
domain(s) in addition to the machine name (if you are only able to see the
ip address).  Great info for further attacks regardless.

How can you spot if it has been renamed? Just because a single word

username is logged in?


On Wed, Apr 17, 2013 at 8:36 PM, Robin Wood <robin () digininja org> wrote:

I've just noticed a nice little trick for user enumeration. The client
I'm testing has RDP on almost every windows machine and when you connect to
them, if there is a user already connected they tell you who it is. Luckily
here most of them do have someone logged in. It is a manual job but has got
me a nice little stash of usernames which is good as all my usual
techniques failed. Of extra lucky, by naming and subnets I know which the
servers are so I'm assuming users connected to them are either admins or at
least have more privileges than a normal user.

Thought others might find it useful.

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

user enumeration through RDP Robin Wood (Apr 18)
- Re: user enumeration through RDP Nicholas B. (Apr 18)
  - Re: user enumeration through RDP Robin Wood (Apr 22)
    - Re: user enumeration through RDP Nicholas B. (Apr 24)
- Re: user enumeration through RDP Carlos Perez (Apr 18)
- Re: user enumeration through RDP Matt (Apr 18)
  - Re: user enumeration through RDP Robin Wood (Apr 22)
    - Re: user enumeration through RDP Matt (Apr 23)
    - Re: user enumeration through RDP Robin Wood (Apr 23)
    - Re: user enumeration through RDP Carlos Perez (Apr 23)
    - Re: user enumeration through RDP Robin Wood (Apr 23)
    - Re: user enumeration through RDP Carlos Perez (Apr 23)
    - Re: user enumeration through RDP Michael Salmon (Apr 23)

(Thread continues...)