On 18 April 2013 15:36, Matt <[email protected]> wrote:

> You can do more than that. Can't say much more but RDP has some useful
> "features" that can be leveraged to gain a higher level of access if you
> know your way round Windows API.

Pointers to any info? I don't know much about the Windows API but might be worth looking at.

> Sent from my iPhone
>
> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote:
>
> > I've just noticed a nice little trick for user enumeration. The client
> > I'm testing has RDP on almost every Windows machine and when you connect to
> > them, if there is a user already connected they tell you who it is. Luckily
> > here most of them do have someone logged in. It is a manual job but has got
> > me a nice little stash of usernames which is good as all my usual
> > techniques failed. For extra luck, by naming and subnets I know which the
> > servers are so I'm assuming users connected to them are either admins or at
> > least have more privileges than a normal user.
> >
> > Thought others might find it useful.
> >
> > Robin
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
