Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Finding a Windows machine that a user is logged into

From: Ted Behling <tbehling () MONARCHIS NET>
Date: Wed, 14 Mar 2001 01:17:41 -0500
Use nbtscan, available from http://www.inetcat.org/software/nbtscan.html.
This useful tool scans IP networks for NetBIOS name information, giving you
the machine name and currently-logged-in user.  It's even distributed as
Win32 binaries.

At 10:07 AM 3/13/01 +0200, Dawes, Rogan (ZA - Johannesburg) wrote:

As part of a demonstration I want to do, I need to find a Windows client
that a particular user is logged in to.

e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP
address, so that I can snoop the traffic that he is generating.

It is clearly possible to get this info, as for example tools like "net send
rdawes message" do it.  Having done that, I can look in my machine cache
using "nbtstat -c" to see who I've been talking to.



------------------------------------------------
Ted Behling, E-Commerce Consultant
Monarch Information Systems, Inc.
"Because Every Business Should Be An E-Business"

43 Folly Field Road, Unit 4
Hilton Head Island, SC 29928-5434
Toll-free Phone & Fax: 1-800-842-7894
Local or Outside the USA: 1-843-842-7894
mailto:tbehling () monarchis net
http://www.monarchis.net
------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: