PaulDotCom mailing list archives
Re: user enumeration through RDP
From: "Ryan" <randomrhythm () rhythmengineering com>
Date: Thu, 25 Apr 2013 14:16:50 -0600
Microsoft Network Level Authentication (NLA) for RDP can also help defend against these "features" as it doesn't allow a full RDP connection until the user is authenticated.

Ryan

----- Original Message -----
From: Jeremy Pommerening
To: PaulDotCom Security Weekly Mailing List
Sent: Tuesday, April 23, 2013 3:27 PM
Subject: Re: [Pauldotcom] user enumeration through RDP

It still displays username unless you specifically tell it not to via GPO or local machine policy.
Interactive Logon: "Do not display last user name" Enable or Disable.

Jeremy Pommerening
CISSP,GCFA,GPEN,GAWN,GCFW, GWAPT, MCSE Win2K, MCSE NT4

------------------------------------------------------------------------------
From: Michael Salmon <lonestarr13 () gmail com>
To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com>
Sent: Tuesday, April 23, 2013 1:47 PM
Subject: Re: [Pauldotcom] user enumeration through RDP

Does RDP on Windows 7 still give the logged in username? Working with W7 I haven't seen it anymore but it may be that it's been disabled in my environment and I didn't realize it.

On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez <carlos_perez () darkoperator com> wrote:

No clue on that

On Apr 23, 2013, at 12:32 PM, Robin Wood <robin () digininja org> wrote:

On Apr 23, 2013 5:07 PM, "Carlos Perez" <carlos_perez () darkoperator com> wrote:
>
> This was what I was alluding to
> http://www.tenable.com/blog/nessus-52-released
>
> Nessus will now grab VNC and RDP Screenshots

Looks pretty cool. Any chance of building in character recognition in to read the active user?

Robin

> Sent from my iPhone
>
> On Apr 23, 2013, at 3:29 AM, Matt <matt () fireantsecurity co uk> wrote:
>
>> If you are at BSidesLondon tomorrow we can chat then.
>>
>> Sent from my iPhone
>>
>> On 21 Apr 2013, at 23:05, Robin Wood <robin () digininja org> wrote:
>>
>>> On 18 April 2013 15:36, Matt <matt () fireantsecurity co uk> wrote:
>>>>
>>>> You can do more than that. Can't say much more but RDP has some useful "features" that can be leveraged to gain a higher level of access if you know your way round windows api.
>>>>
>>>
>>> Pointers to any info? I don't know much about the windows API but might be worth looking at.
>>>
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 18 Apr 2013, at 01:36, Robin Wood <robin () digininja org> wrote:
>>>>
>>>> > I've just noticed a nice little trick for user enumeration. The client I'm testing has RDP on almost every windows machine and when you connect to them, if there is a user already connected they tell you who it is. Luckily here most of them do have someone logged in. It is a manual job but has got me a nice little stash of usernames which is good as all my usual techniques failed. Of extra lucky, by naming and subnets I know which the servers are so I'm assuming users connected to them are either admins or at least have more privileges than a normal user.
>>>> >
>>>> > Thought others might find it useful.
>>>> >
>>>> > Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
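
An added example, not part of any post in this thread: a local audit of the two defences the replies name, NLA for RDP and the "Do not display last user name" policy. The function names are hypothetical, and the registry locations are the standard Windows ones rather than anything quoted by the posters.

```powershell
# Added example (not from the thread): report whether this host requires NLA
# for RDP and whether "Interactive logon: Do not display last user name" is on.
# Registry paths are the standard Windows locations; function names are made up.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-RdpLogonExposure {
    $tsKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listenerKey = "$tsKey\WinStations\RDP-Tcp"
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $systemKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = Get-RegValue $tsKey 'fDenyTSConnections'

    # A Group Policy value, when present, overrides the listener's local setting.
    $nla       = Get-RegValue $policyKey 'UserAuthentication'
    $nlaSource = 'Group Policy'
    if ($null -eq $nla) {
        $nla       = Get-RegValue $listenerKey 'UserAuthentication'
        $nlaSource = 'Local listener'
    }
    if ($null -eq $nla) { $nlaSource = 'Not configured' }

    $hide = Get-RegValue $systemKey 'DontDisplayLastUserName'

    $findings = @()
    if ($nla -ne 1)  { $findings += 'NLA is not required for RDP' }
    if ($hide -ne 1) { $findings += 'Last user name is not hidden at logon' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        RdpEnabled       = ($deny -eq 0)
        NlaRequired      = ($nla -eq 1)
        NlaSource        = $nlaSource
        HideLastUserName = ($hide -eq 1)
        Findings         = $findings -join '; '
    }
}

Test-RdpLogonExposure | Format-List
```

Run it from an elevated prompt on each host in scope; an empty `Findings` field means both settings are in the state the replies recommend.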
Current thread:
- Re: user enumeration through RDP, (continued)
- Re: user enumeration through RDP Matt (Apr 23)
- Re: user enumeration through RDP Robin Wood (Apr 23)
- Re: user enumeration through RDP Carlos Perez (Apr 23)
- Re: user enumeration through RDP Robin Wood (Apr 23)
- Re: user enumeration through RDP Carlos Perez (Apr 23)
- Re: user enumeration through RDP Michael Salmon (Apr 23)
- Re: user enumeration through RDP Carlos Perez (Apr 23)
- Re: user enumeration through RDP Chris Campbell (Apr 24)
- Re: user enumeration through RDP Robin Wood (Apr 24)
- Re: user enumeration through RDP Jeremy Pommerening (Apr 24)
- Re: user enumeration through RDP Ryan (Apr 28)
- Re: user enumeration through RDP Rob Fuller (May 07)
- Re: user enumeration through RDP Carlos Perez (May 09)
- Re: user enumeration through RDP Robin Wood (May 09)
- Re: user enumeration through RDP Kory Kyzar (May 12)
- Re: user enumeration through RDP Robin Wood (May 13)
- Re: user enumeration through RDP Robin Wood (Apr 22)