Penetration Testing mailing list archives
Re: [PEN-TEST] Finding a Windows machine that a user is logged into
From: olle <olle () NXS SE>
Date: Wed, 14 Mar 2001 15:24:23 +0100
On Tue, Mar 13, 2001 at 10:07:54AM +0200, Dawes, Rogan (ZA - Johannesburg) wrote:
Hi Folks, As part of a demonstration I want to do, I need to find a Windows client that a particular user is logged in to. e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP address, so that I can snoop the traffic that he is generating. It is clearly possible to get this info, as for example tools like "net send rdawes message" do it. Having done that, I can look in my machine cache using "nbtstat -c" to see who I've been talking to. This is a bit obtrusive, though. I don't want to warn the user that I am watching them, which the "net send" would do. Does anyone have an idea how I can do this quietly?
The messenger service used by "net send" uses a broadcast NetBios request for the NetBios name to locate the user. I think netb by sirdystic of cdc might be used to construct such a request, without requiring programming knowledge..... http://pr0n.newhackcity.net/~sd/netbios.html /olle
Current thread:
- [PEN-TEST] Finding a Windows machine that a user is logged into Dawes, Rogan (ZA - Johannesburg) (Mar 13)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Ted Behling (Mar 14)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Fredrik Wallström (Mar 14)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into olle (Mar 14)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Joakim Sandström (Mar 15)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Mike Sues (Mar 14)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Stephen P. Wilson (Mar 14)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Chris Winter (Mar 14)
- Re: [PEN-TEST] Finding a Windows machine that a user is logged into Nelson Brito (Mar 14)