There's a group policy option to disable username memory on the login
screen.
Michael Salmon wrote:
Does RDP on Windows 7 still give the logged in username? Working with
W7 I haven't seen it anymore but it may be that it's been disabled in
my environment and I didn't realize it.
On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez
<[email protected] <mailto:[email protected]>>
wrote:
No clue on that
On Apr 23, 2013, at 12:32 PM, Robin Wood <[email protected]
<mailto:[email protected]>> wrote:
On Apr 23, 2013 5:07 PM, "Carlos Perez"
<[email protected]
<mailto:[email protected]>> wrote:
>
> This was what I was alluding to
> http://www.tenable.com/blog/nessus-52-released
>
> Nessus will now grab VNC and RDP Screenshots
Looks pretty cool. Any chance of building in character
recognition in to read the active user?
Robin
> Sent from my iPhone
>
> On Apr 23, 2013, at 3:29 AM, Matt <[email protected]
<mailto:[email protected]>> wrote:
>
>> If you are at BSidesLondon tomorrow we can chat then.
>>
>>
>> Sent from my iPhone
>>
>> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]
<mailto:[email protected]>> wrote:
>>
>>> On 18 April 2013 15:36, Matt <[email protected]
<mailto:[email protected]>> wrote:
>>>>
>>>> You can do more than that. Can't say much more but RDP has
some useful "features" that can be leveraged to gain a higher
level of access if you know your way round windows api.
>>>>
>>>
>>> Pointers to any info? I don't know much about the windows API
but might be worth looking at.
>>>
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]
<mailto:[email protected]>> wrote:
>>>>
>>>> > I've just noticed a nice little trick for user
enumeration. The client I'm testing has RDP on almost every
windows machine and when you connect to them, if there is a user
already connected they tell you who it is. Luckily here most of
them do have someone logged in. It is a manual job but has got me
a nice little stash of usernames which is good as all my usual
techniques failed. Of extra lucky, by naming and subnets I know
which the servers are so I'm assuming users connected to them are
either admins or at least have more privileges than a normal user.
>>>> >
>>>> > Thought others might find it useful.
>>>> >
>>>> > Robin
>>>> > _______________________________________________
>>>> > Pauldotcom mailing list
>>>> > [email protected]
<mailto:[email protected]>
>>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> > Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
<mailto:[email protected]>
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>
>>>
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
<mailto:[email protected]>
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
<mailto:[email protected]>
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>
>
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
<mailto:[email protected]>
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>
_______________________________________________
Pauldotcom mailing list
[email protected]
<mailto:[email protected]>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected] <mailto:[email protected]>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
