On 18 April 2013 15:16, Nicholas B. <[email protected]> wrote:
> There are GPOs/local policies to suppress this, but by default it is
> configured to disclose this info at least on systems running up to 2008R2
> (haven't looked into 2012/win8). You can also check for things like seeing
> if the administrator account has been renamed or not as well as the
> domain(s) in addition to the machine name (if you are only able to see the
> IP address). Great info for further attacks regardless.

How can you spot if it has been renamed? Just because a single word username is logged in?
>
> On Wed, Apr 17, 2013 at 8:36 PM, Robin Wood <[email protected]> wrote:
>
>> I've just noticed a nice little trick for user enumeration. The client
>> I'm testing has RDP on almost every Windows machine and when you connect to
>> them, if there is a user already connected they tell you who it is. Luckily
>> here most of them do have someone logged in. It is a manual job but has got
>> me a nice little stash of usernames which is good as all my usual
>> techniques failed. Of extra lucky, by naming and subnets I know which the
>> servers are so I'm assuming users connected to them are either admins or at
>> least have more privileges than a normal user.
>>
>> Thought others might find it useful.
>>
>> Robin
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
