No clue on that On Apr 23, 2013, at 12:32 PM, Robin Wood <[email protected]> wrote:
> > On Apr 23, 2013 5:07 PM, "Carlos Perez" <[email protected]> wrote: > > > > This was what I was alluding to > > http://www.tenable.com/blog/nessus-52-released > > > > Nessus will now grab VNC and RDP Screenshots > > Looks pretty cool. Any chance of building in character recognition in to read > the active user? > > Robin > > > Sent from my iPhone > > > > On Apr 23, 2013, at 3:29 AM, Matt <[email protected]> wrote: > > > >> If you are at BSidesLondon tomorrow we can chat then. > >> > >> > >> Sent from my iPhone > >> > >> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote: > >> > >>> On 18 April 2013 15:36, Matt <[email protected]> wrote: > >>>> > >>>> You can do more than that. Can't say much more but RDP has some useful > >>>> "features" that can be leveraged to gain a higher level of access if you > >>>> know your way round windows api. > >>>> > >>> > >>> Pointers to any info? I don't know much about the windows API but might > >>> be worth looking at. > >>> > >>>> > >>>> Sent from my iPhone > >>>> > >>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote: > >>>> > >>>> > I've just noticed a nice little trick for user enumeration. The client > >>>> > I'm testing has RDP on almost every windows machine and when you > >>>> > connect to them, if there is a user already connected they tell you > >>>> > who it is. Luckily here most of them do have someone logged in. It is > >>>> > a manual job but has got me a nice little stash of usernames which is > >>>> > good as all my usual techniques failed. Of extra lucky, by naming and > >>>> > subnets I know which the servers are so I'm assuming users connected > >>>> > to them are either admins or at least have more privileges than a > >>>> > normal user. > >>>> > > >>>> > Thought others might find it useful. > >>>> > > >>>> > Robin > >>>> > _______________________________________________ > >>>> > Pauldotcom mailing list > >>>> > [email protected] > >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>>> > Main Web Site: http://pauldotcom.com > >>>> _______________________________________________ > >>>> Pauldotcom mailing list > >>>> [email protected] > >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>>> Main Web Site: http://pauldotcom.com > >>> > >>> > >>> _______________________________________________ > >>> Pauldotcom mailing list > >>> [email protected] > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> Main Web Site: http://pauldotcom.com > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
