I'm at a talk on rdp at 44cafe now and will be at BSides tomorrow. Robin On Apr 23, 2013 3:55 PM, "Matt" <[email protected]> wrote:
> If you are at BSidesLondon tomorrow we can chat then. > > > Sent from my iPhone > > On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote: > > On 18 April 2013 15:36, Matt <[email protected]> wrote: > >> You can do more than that. Can't say much more but RDP has some useful >> "features" that can be leveraged to gain a higher level of access if you >> know your way round windows api. >> >> > Pointers to any info? I don't know much about the windows API but might be > worth looking at. > > >> Sent from my iPhone >> >> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote: >> >> > I've just noticed a nice little trick for user enumeration. The client >> I'm testing has RDP on almost every windows machine and when you connect to >> them, if there is a user already connected they tell you who it is. Luckily >> here most of them do have someone logged in. It is a manual job but has got >> me a nice little stash of usernames which is good as all my usual >> techniques failed. Of extra lucky, by naming and subnets I know which the >> servers are so I'm assuming users connected to them are either admins or at >> least have more privileges than a normal user. >> > >> > Thought others might find it useful. >> > >> > Robin >> > _______________________________________________ >> > Pauldotcom mailing list >> > [email protected] >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: http://pauldotcom.com >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
