Penetration Testing mailing list archives

Re: [PEN-TEST] Finding a Windows machine that a user is logged into


From: "Woch, Wojciech" <Woch_W () ADMIRAL FR>
Date: Wed, 14 Mar 2001 10:13:47 +0100

Dawes, Rogan wrote:

As part of a demonstration I want to do, I need to find a Windows client
that a particular user is logged in to.
        (...)
Does anyone have an idea how I can do this quietly?

Assuming that the remote machine is using a WINS server, you can use
winscl.exe from the Resource Kit to find the IP address associated with the
login name.

Otherwise, using Network Monitor (SMS version), you can send an altered NBT
NS Query packet to the broadcast address of your LAN. First capture a
"nbtstat -a login_name", edit the packet so that the 16th digit is <03>
instead of <00> (change the last 0x41 to 0x44 in the "Question Name" field),
recalculate the UDP checksum, retransmit and capture the reply with another
instance of Netmon.
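The "last 0x41 to 0x44" edit above is the NetBIOS first-level name encoding at work: the 16th byte of a NetBIOS name is the suffix, and each byte is written as two letters ('A' plus each nibble), so suffix <00> encodes as "AA" and <03> as "AD". The following is an added example, not code from the thread: an encoder/decoder for that scheme, a constructed NBNS name query in the shape nbtstat sends, and a parser a defender can run over captured NBNS questions to see which name and suffix are being asked for. The flag value 0x0110, the transaction id and the name "JSMITH" are assumptions chosen for the example.

```python
import struct

def nb_encode(name: str, suffix: int) -> bytes:
    """First-level encode a NetBIOS name (RFC 1001 section 14.1): pad the
    name with spaces to 15 bytes, append the one-byte suffix, then turn each
    byte into two letters, 'A' + high nibble and 'A' + low nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def nb_decode(encoded: bytes):
    """Reverse the encoding; returns (name, suffix). Raises on malformed input."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15]

def build_nbns_query(name: str, suffix: int, txid: int = 0x1234) -> bytes:
    """Constructed broadcast NBNS name query (assumed layout, after the
    DNS-style header): flags 0x0110 = query, recursion desired, broadcast;
    one question whose name is the 32-letter encoding as a single label,
    type NB (0x20), class IN (1)."""
    header = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)
    question = (b"\x20" + nb_encode(name, suffix) + b"\x00"
                + struct.pack(">HH", 0x20, 1))
    return header + question

def parse_nbns_question(packet: bytes):
    """Decode the question section of an NBNS packet (for example one taken
    from a capture); returns (txid, name, suffix, qtype)."""
    txid, _flags, qdcount = struct.unpack(">HHH", packet[:6])
    if qdcount != 1 or packet[12] != 0x20:
        raise ValueError("expected one question with a 32-byte label")
    name, suffix = nb_decode(packet[13:45])
    qtype = struct.unpack(">H", packet[46:48])[0]  # byte 45 is the label terminator
    return txid, name, suffix, qtype

if __name__ == "__main__":
    for sfx in (0x00, 0x03):
        pkt = build_nbns_query("JSMITH", sfx)
        print(hex(sfx), nb_encode("JSMITH", sfx).decode(), parse_nbns_question(pkt))
```

Running the block shows the two encodings differing only in their final letter ('A' versus 'D'), which is exactly the byte the reply above patches.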