Re: [PEN-TEST] Finding a Windows machine that a user is logged into

["Clifford, Shawn A" <shawn.a.clifford () LMCO COM>]

Hi,

You can use 'netdom member' to look up all of the users on all machines in
your domain(s).  Then parse the output.  Here is a Perl script that does
just that.  It creates a hash table (by specifying the -r option) of all
user/machine pairs currently logged in in your domain(s).  This can take a
long time to generate.

You will need to edit the netdom queries to specify your domain(s).

-- Shawn


-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes () DELOITTE CO ZA]
Sent: Tuesday, March 13, 2001 3:08 AM
Subject: Finding a Windows machine that a user is logged into


Hi Folks,

As part of a demonstration I want to do, I need to find a Windows client
that a particular user is logged in to.

e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP
address, so that I can snoop the traffic that he is generating.

It is clearly possible to get this info, as for example tools like "net send
rdawes message" do it.  Having done that, I can look in my machine cache
using "nbtstat -c" to see who I've been talking to.

This is a bit obtrusive, though. I don't want to warn the user that I am
watching them, which the "net send" would do.

Does anyone have an idea how I can do this quietly?

Rogan

Attachment: ntwho.pl
Description: