I've just noticed a nice little trick for user enumeration. The client I'm testing has RDP on almost every windows machine and when you connect to them, if there is a user already connected they tell you who it is. Luckily here most of them do have someone logged in. It is a manual job but has got me a nice little stash of usernames which is good as all my usual techniques failed. Of extra lucky, by naming and subnets I know which the servers are so I'm assuming users connected to them are either admins or at least have more privileges than a normal user.
Thought others might find it useful. Robin
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
