It still displays the username unless you specifically tell it not to via GPO or
local machine policy. Interactive Logon: "Do not display last user name",
Enable or Disable.
Jeremy Pommerening
CISSP,GCFA,GPEN,GAWN,GCFW, GWAPT,
MCSE Win2K, MCSE NT4
________________________________
From: Michael Salmon <[email protected]>
To: PaulDotCom Security Weekly Mailing List <[email protected]>
Sent: Tuesday, April 23, 2013 1:47 PM
Subject: Re: [Pauldotcom] user enumeration through RDP
Does RDP on Windows 7 still give the logged-in username? Working with W7 I
haven't seen it anymore but it may be that it's been disabled in my environment
and I didn't realize it.
On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez <[email protected]>
wrote:
>No clue on that
>
>
>On Apr 23, 2013, at 12:32 PM, Robin Wood <[email protected]> wrote:
>
>
>>On Apr 23, 2013 5:07 PM, "Carlos Perez" <[email protected]> wrote:
>>>
>>> This was what I was alluding to
>>> http://www.tenable.com/blog/nessus-52-released
>>>
>>> Nessus will now grab VNC and RDP Screenshots
>>Looks pretty cool. Any chance of building in character recognition in to read
>>the active user?
>>Robin
>>> Sent from my iPhone
>>>
>>> On Apr 23, 2013, at 3:29 AM, Matt <[email protected]> wrote:
>>>
>>>> If you are at BSidesLondon tomorrow we can chat then.
>>>>
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote:
>>>>
>>>>> On 18 April 2013 15:36, Matt <[email protected]> wrote:
>>>>>>
>>>>>> You can do more than that. Can't say much more but RDP has some useful
>>>>>> "features" that can be leveraged to gain a higher level of access if you
>>>>>> know your way round windows api.
>>>>>>
>>>>>
>>>>> Pointers to any info? I don't know much about the windows API but might
>>>>> be worth looking at.
>>>>>
>>>>>>
>>>>>> Sent from my iPhone
>>>>>>
>>>>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote:
>>>>>>
>>>>>> > I've just noticed a nice little trick for user enumeration. The client
>>>>>> > I'm testing has RDP on almost every windows machine and when you
>>>>>> > connect to them, if there is a user already connected they tell you
>>>>>> > who it is. Luckily here most of them do have someone logged in. It is
>>>>>> > a manual job but has got me a nice little stash of usernames which is
>>>>>> > good as all my usual techniques failed. Of extra lucky, by naming and
>>>>>> > subnets I know which the servers are so I'm assuming users connected
>>>>>> > to them are either admins or at least have more privileges than a
>>>>>> > normal user.
>>>>>> >
>>>>>> > Thought others might find it useful.
>>>>>> >
>>>>>> > Robin
>>>>>> > _______________________________________________
>>>>>> > Pauldotcom mailing list
>>>>>> > [email protected]
>>>>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>>> > Main Web Site: http://pauldotcom.com