PaulDotCom mailing list archives

Re: user enumeration through RDP


From: "Nicholas B." <nberthaume () gmail com>
Date: Tue, 23 Apr 2013 17:16:38 -0400

If the system is joined to a domain and you connect and type in the
username administrator or another local account, it will change the domain
to the system's name. However, if it does not, it was likely renamed, but
some informed guessing can turn it up in most cases.
On Apr 22, 2013 2:48 PM, "Robin Wood" <robin () digininja org> wrote:

On 18 April 2013 15:16, Nicholas B. <nberthaume () gmail com> wrote:

There are GPOs/local policies to suppress this, but by default it is
configured to disclose this info at least on systems running up to 2008R2
(haven't looked into 2012/win8).  You can also check for things like seeing
if the administrator account has been renamed or not as well as the
domain(s) in addition to the machine name (if you are only able to see the
ip address).  Great info for further attacks regardless.

How can you spot if it has been renamed? Just because a single word
username is logged in?



On Wed, Apr 17, 2013 at 8:36 PM, Robin Wood <robin () digininja org> wrote:

I've just noticed a nice little trick for user enumeration. The client
I'm testing has RDP on almost every Windows machine and when you connect to
them, if there is a user already connected they tell you who it is. Luckily
here most of them do have someone logged in. It is a manual job but has got
me a nice little stash of usernames, which is good as all my usual
techniques failed. Extra lucky, by naming and subnets I know which the
servers are, so I'm assuming users connected to them are either admins or at
least have more privileges than a normal user.

Thought others might find it useful.

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
