It can do it via port 3389? I doubt it. The subject is enumeration thru RDP; that tool actually logs in and requires cred to the box and the RPC ports open.
Sent from my iPhone

On May 7, 2013, at 2:40 PM, Rob Fuller <[email protected]> wrote:

> Could just use findtoken / incognito from MWR, it will list available tokens
> on the box (supports ranges)
>
> http://labs.mwrinfosecurity.com/blog/2012/07/18/incognito-v2-0-released/
>
>
> --
> Rob Fuller | Mubix
> Certified Checkbox Unchecker
> Room362.com | Hak5.org
>
>
> On Thu, Apr 25, 2013 at 4:16 PM, Ryan <[email protected]>
> wrote:
>> Microsoft Network Level Authentication (NLA) for RDP can also help defend
>> against these "features" as it doesn't allow a full RDP connection until the
>> user is authenticated.
>>
>> Ryan
>> ----- Original Message -----
>> From: Jeremy Pommerening
>> To: PaulDotCom Security Weekly Mailing List
>> Sent: Tuesday, April 23, 2013 3:27 PM
>> Subject: Re: [Pauldotcom] user enumeration through RDP
>>
>> It still displays username unless you specifically tell it not to via GPO or
>> local machine policy. Interactive Logon: "Do not display last user name"
>> Enable or Disable.
>>
>> Jeremy Pommerening
>> CISSP,GCFA,GPEN,GAWN,GCFW, GWAPT,
>> MCSE Win2K, MCSE NT4
>> From: Michael Salmon <[email protected]>
>> To: PaulDotCom Security Weekly Mailing List <[email protected]>
>> Sent: Tuesday, April 23, 2013 1:47 PM
>> Subject: Re: [Pauldotcom] user enumeration through RDP
>>
>> Does RDP on Windows 7 still give the logged in username? Working with W7 I
>> haven't seen it anymore but it may be that it's been disabled in my
>> environment and I didn't realize it.
>>
>>
>> On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez
>> <[email protected]> wrote:
>> No clue on that
>>
>> On Apr 23, 2013, at 12:32 PM, Robin Wood <[email protected]> wrote:
>>
>>>
>>> On Apr 23, 2013 5:07 PM, "Carlos Perez" <[email protected]>
>>> wrote:
>>> >
>>> > This was what I was alluding to
>>> > http://www.tenable.com/blog/nessus-52-released
>>> >
>>> > Nessus will now grab VNC and RDP Screenshots
>>> Looks pretty cool. Any chance of building in character recognition in to
>>> read the active user?
>>> Robin
>>> > Sent from my iPhone
>>> >
>>> > On Apr 23, 2013, at 3:29 AM, Matt <[email protected]> wrote:
>>> >
>>> >> If you are at BSidesLondon tomorrow we can chat then.
>>> >>
>>> >>
>>> >> Sent from my iPhone
>>> >>
>>> >> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote:
>>> >>
>>> >>> On 18 April 2013 15:36, Matt <[email protected]> wrote:
>>> >>>>
>>> >>>> You can do more than that. Can't say much more but RDP has some useful
>>> >>>> "features" that can be leveraged to gain a higher level of access if
>>> >>>> you know your way round windows api.
>>> >>>>
>>> >>>
>>> >>> Pointers to any info? I don't know much about the windows API but might
>>> >>> be worth looking at.
>>> >>>
>>> >>>>
>>> >>>> Sent from my iPhone
>>> >>>>
>>> >>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]>
>>> >>>> wrote:
>>> >>>>
>>> >>>> > I've just noticed a nice little trick for user enumeration. The
>>> >>>> > client I'm testing has RDP on almost every windows machine and when
>>> >>>> > you connect to them, if there is a user already connected they tell
>>> >>>> > you who it is. Luckily here most of them do have someone
>>> >>>> > logged in. It is a manual job but has got me a nice little stash of
>>> >>>> > usernames which is good as all my usual techniques failed. Of extra
>>> >>>> > lucky, by naming and subnets I know which the servers are so I'm
>>> >>>> > assuming users connected to them are either admins or at least have
>>> >>>> > more privileges than a normal user.
>>> >>>> >
>>> >>>> > Thought others might find it useful.
>>> >>>> >
>>> >>>> > Robin
>>> >>>> > _______________________________________________
>>> >>>> > Pauldotcom mailing list
>>> >>>> > [email protected]
>>> >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> >>>> > Main Web Site: http://pauldotcom.com
