PaulDotCom mailing list archives
Re: user enumeration through RDP
From: Chris Campbell <chris () ctcampbell com>
Date: Tue, 23 Apr 2013 22:02:25 +0100
There's a group policy option to disable username memory on the login screen.
Michael Salmon wrote:
Does RDP on Windows 7 still give the logged in username? Working with W7 I haven't seen it anymore but it may be that it's been disabled in my environment and I didn't realize it.On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez <carlos_perez () darkoperator com <mailto:carlos_perez () darkoperator com>> wrote:No clue on that On Apr 23, 2013, at 12:32 PM, Robin Wood <robin () digininja org <mailto:robin () digininja org>> wrote:On Apr 23, 2013 5:07 PM, "Carlos Perez" <carlos_perez () darkoperator com <mailto:carlos_perez () darkoperator com>> wrote: > > This was what I was alluding to > http://www.tenable.com/blog/nessus-52-released > > Nessus will now grab VNC and RDP Screenshots Looks pretty cool. Any chance of building in character recognition in to read the active user? Robin > Sent from my iPhone > > On Apr 23, 2013, at 3:29 AM, Matt <matt () fireantsecurity co uk <mailto:matt () fireantsecurity co uk>> wrote: > >> If you are at BSidesLondon tomorrow we can chat then. >> >> >> Sent from my iPhone >> >> On 21 Apr 2013, at 23:05, Robin Wood <robin () digininja org <mailto:robin () digininja org>> wrote: >> >>> On 18 April 2013 15:36, Matt <matt () fireantsecurity co uk <mailto:matt () fireantsecurity co uk>> wrote: >>>> >>>> You can do more than that. Can't say much more but RDP has some useful "features" that can be leveraged to gain a higher level of access if you know your way round windows api. >>>> >>> >>> Pointers to any info? I don't know much about the windows API but might be worth looking at. >>> >>>> >>>> Sent from my iPhone >>>> >>>> On 18 Apr 2013, at 01:36, Robin Wood <robin () digininja org <mailto:robin () digininja org>> wrote: >>>> >>>> > I've just noticed a nice little trick for user enumeration. The client I'm testing has RDP on almost every windows machine and when you connect to them, if there is a user already connected they tell you who it is. Luckily here most of them do have someone logged in. It is a manual job but has got me a nice little stash of usernames which is good as all my usual techniques failed. Of extra lucky, by naming and subnets I know which the servers are so I'm assuming users connected to them are either admins or at least have more privileges than a normal user. >>>> > >>>> > Thought others might find it useful. >>>> > >>>> > Robin >>>> > _______________________________________________ >>>> > Pauldotcom mailing list >>>> > Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> > Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> >> >> _______________________________________________ >> Pauldotcom mailing list >> Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> > > > _______________________________________________ > Pauldotcom mailing list > Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: user enumeration through RDP, (continued)
- Re: user enumeration through RDP Carlos Perez (Apr 18)
- Re: user enumeration through RDP Matt (Apr 18)
- Re: user enumeration through RDP Robin Wood (Apr 22)
- Re: user enumeration through RDP Matt (Apr 23)
- Re: user enumeration through RDP Robin Wood (Apr 23)
- Re: user enumeration through RDP Carlos Perez (Apr 23)
- Re: user enumeration through RDP Robin Wood (Apr 23)
- Re: user enumeration through RDP Carlos Perez (Apr 23)
- Re: user enumeration through RDP Michael Salmon (Apr 23)
- Re: user enumeration through RDP Carlos Perez (Apr 23)
- Re: user enumeration through RDP Chris Campbell (Apr 24)
- Re: user enumeration through RDP Robin Wood (Apr 24)
- Re: user enumeration through RDP Jeremy Pommerening (Apr 24)
- Re: user enumeration through RDP Ryan (Apr 28)
- Re: user enumeration through RDP Rob Fuller (May 07)
- Re: user enumeration through RDP Carlos Perez (May 09)
- Re: user enumeration through RDP Robin Wood (May 09)
- Re: user enumeration through RDP Kory Kyzar (May 12)
- Re: user enumeration through RDP Robin Wood (May 13)
- Re: user enumeration through RDP Robin Wood (Apr 22)
- Re: user enumeration through RDP Robin Wood (Apr 22)