Penetration Testing mailing list archives
RE: Re[2]: locate windows workstation if you know the username
From: "Discussion Lists" <discussions () lagraphico com>
Date: Fri, 15 Sep 2006 08:45:22 -0700
Coupla other possibilities . . . If this is a search on a domain, and you have the appropriate privs, you can use vbscript to do this. strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colComputer = objWMIService.ExecQuery _ ("Select * from Win32_ComputerSystem") For Each objComputer in colComputer Wscript.Echo objComputer.UserName Next You'd just have to add to the script so that it enumerates AD, or reads in a list of IP's and scans each one in succession. I've used the first method successfully in the past, but not for the same purposes as yours. I doubt this would work though without domain admin credentials.
-----Original Message----- From: s-williams () nyc rr com [mailto:s-williams () nyc rr com] Sent: Thursday, August 31, 2006 1:46 PM To: Jason L. Ellison; Matthew Leeds Cc: pen-test () securityfocus com Subject: Re: Re[2]: locate windows workstation if you know the username There is a windows version that is still around do a google for nbtscan. You can scann a whole subnet, or just a single ip. Sent via BlackBerry from T-Mobile -----Original Message----- From: "Jason L. Ellison" <infotek () datasync com> Date: Thu, 31 Aug 2006 13:53:08 To:Matthew Leeds <mleeds () theleeds net> Cc:pen-test () securityfocus com Subject: Re[2]: locate windows workstation if you know the username on Unix nbtscan/nbtstat will do something like this. It dumps the machine name, username, domain/workgroup and MAC address. I used to run it daily and archive the output to see where users normaly logon. The one I used was written in C. I had to add an alarm to it so it would timeout for host not responding. -Jason Ellison On Thu, 31 Aug 2006, Matthew Leeds wrote:For the terminally lazy, you might Google TCPNetView. ThisGUI utilitywill give you both the IP address and MAC address. ---------- ---Matthew *********** REPLY SEPARATOR *********** On 8/30/2006 at 1:05 PM Mike Sues wrote:Hello, if they're using WINS, send a NetBIOS name request for the username, netbios service 03 (i.e. messenger service) to the WINS server. It will respond with the IP of the host registered to the user's workstation. -------------------------------------------- Mike Sues, GCIH CEO & Ethical Hack Specialist Rigel Kent Security & Advisory Services Inc http://www.rigelksecurity.com voice:613.233.HACK fax :613.233.1788 toll free :1.877.777.H8CK -------------------------------------------- -----Original Message----- From: offset [mailto:offset () ubersecurity org] Sent: Wednesday, August 30, 2006 1:34 AM To: pen-test () securityfocus com Subject: locate windows workstation if you know the username Greetings fellow pen-testers, Looking for ideas on tracking down a windows workstationif you knowthe username. I know that if I run net send username "" I cantell that the useris online without the message box popping up on their machine (usually), but I'd like to know which workstation aparticular useris at for a targeted arp spoofing attack against a client. -off------------------------------------------------------------------------------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php-------------------------------------------------------------------------------------------------------------------------------------- ---------- This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- RE: Re[2]: locate windows workstation if you know the username Discussion Lists (Sep 15)
- Re: locate windows workstation if you know the username Steve Friedl (Sep 16)