There are GPOs/local policies to suppress this, but by default it is
configured to disclose this info at least on systems running up to 2008R2
(haven't looked into 2012/win8).  You can also check for things like seeing
if the administrator account has been renamed or not as well as the
domain(s) in addition to the machine name (if you are only able to see the
IP address).  Great info for further attacks regardless.


On Wed, Apr 17, 2013 at 8:36 PM, Robin Wood <[email protected]> wrote:

> I've just noticed a nice little trick for user enumeration. The client I'm
> testing has RDP on almost every Windows machine and when you connect to
> them, if there is a user already connected they tell you who it is. Luckily
> here most of them do have someone logged in. It is a manual job but has got
> me a nice little stash of usernames which is good as all my usual
> techniques failed. As extra luck, by naming and subnets I know which the
> servers are so I'm assuming users connected to them are either admins or at
> least have more privileges than a normal user.
>
> Thought others might find it useful.
>
> Robin
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>