This was what I was alluding to http://www.tenable.com/blog/nessus-52-released
Nessus will now grab VNC and RDP Screenshots

Sent from my iPhone

On Apr 23, 2013, at 3:29 AM, Matt <[email protected]> wrote:

> If you are at BSidesLondon tomorrow we can chat then.
>
>
> Sent from my iPhone
>
> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote:
>
>> On 18 April 2013 15:36, Matt <[email protected]> wrote:
>>> You can do more than that. Can't say much more but RDP has some useful
>>> "features" that can be leveraged to gain a higher level of access if you
>>> know your way round windows api.
>>
>> Pointers to any info? I don't know much about the windows API but might be
>> worth looking at.
>>
>>> Sent from my iPhone
>>>
>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote:
>>>
>>> > I've just noticed a nice little trick for user enumeration. The client
>>> > I'm testing has RDP on almost every windows machine and when you connect
>>> > to them, if there is a user already connected they tell you who it is.
>>> > Luckily here most of them do have someone logged in. It is a manual job
>>> > but has got me a nice little stash of usernames which is good as all my
>>> > usual techniques failed. Of extra lucky, by naming and subnets I know
>>> > which the servers are so I'm assuming users connected to them are either
>>> > admins or at least have more privileges than a normal user.
>>> >
>>> > Thought others might find it useful.
>>> >
>>> > Robin
>>> > _______________________________________________
>>> > Pauldotcom mailing list
>>> > [email protected]
>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> > Main Web Site: http://pauldotcom.com
