You can do more than that. Can't say much more but RDP has some useful "features" that can be leveraged to gain a higher level of access if you know your way round the Windows API.

Sent from my iPhone

On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote:

> I've just noticed a nice little trick for user enumeration. The client I'm
> testing has RDP on almost every windows machine and when you connect to them,
> if there is a user already connected they tell you who it is. Luckily here
> most of them do have someone logged in. It is a manual job but has got me a
> nice little stash of usernames which is good as all my usual techniques
> failed. Of extra lucky, by naming and subnets I know which the servers are so
> I'm assuming users connected to them are either admins or at least have more
> privileges than a normal user.
>
> Thought others might find it useful.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
