Microsoft Network Level Authentication (NLA) for RDP can also help defend 
against these "features" as it doesn't allow a full RDP connection until the 
user is authenticated.  

Ryan
  ----- Original Message ----- 
  From: Jeremy Pommerening 
  To: PaulDotCom Security Weekly Mailing List 
  Sent: Tuesday, April 23, 2013 3:27 PM
  Subject: Re: [Pauldotcom] user enumeration through RDP


  It still displays username unless you specifically tell it not to via GPO or 
local machine policy.  Interactive Logon: "Do not display last user name" 
Enable or Disable.

  Jeremy Pommerening
  CISSP,GCFA,GPEN,GAWN,GCFW, GWAPT,
  MCSE Win2K, MCSE NT4


------------------------------------------------------------------------------
  From: Michael Salmon <[email protected]>
  To: PaulDotCom Security Weekly Mailing List <[email protected]> 
  Sent: Tuesday, April 23, 2013 1:47 PM
  Subject: Re: [Pauldotcom] user enumeration through RDP



  Does RDP on Windows 7 still give the logged in username?  Working with W7 I 
haven't seen it anymore but it may be that it's been disabled in my environment 
and I didn't realize it.



  On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez <[email protected]> wrote:

    No clue on that 


    On Apr 23, 2013, at 12:32 PM, Robin Wood <[email protected]> wrote:



      On Apr 23, 2013 5:07 PM, "Carlos Perez" <[email protected]> wrote:
      >
      > This was what I was alluding to  
      > http://www.tenable.com/blog/nessus-52-released
      >
      > Nessus will now grab VNC and RDP Screenshots 
      Looks pretty cool. Any chance of building in character recognition in to 
read the active user?
      Robin
      > Sent from my iPhone
      >
      > On Apr 23, 2013, at 3:29 AM, Matt <[email protected]> wrote:
      >
      >> If you are at BSidesLondon tomorrow we can chat then.
      >>
      >>
      >> Sent from my iPhone
      >>
      >> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote:
      >>
      >>> On 18 April 2013 15:36, Matt <[email protected]> wrote:
      >>>>
      >>>> You can do more than that. Can't say much more but RDP has some useful "features" that can be leveraged to gain a higher level of access if you know your way round the Windows API.
      >>>>
      >>>
      >>> Pointers to any info? I don't know much about the Windows API but might be worth looking at.
      >>>  
      >>>>
      >>>> Sent from my iPhone
      >>>>
      >>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote:
      >>>>
      >>>> > I've just noticed a nice little trick for user enumeration. The client I'm testing has RDP on almost every Windows machine and when you connect to them, if there is a user already connected they tell you who it is. Luckily here most of them do have someone logged in. It is a manual job but has got me a nice little stash of usernames which is good as all my usual techniques failed. Of extra lucky, by naming and subnets I know which the servers are so I'm assuming users connected to them are either admins or at least have more privileges than a normal user.
      >>>> >
      >>>> > Thought others might find it useful.
      >>>> >
      >>>> > Robin
      >>>> > _______________________________________________
      >>>> > Pauldotcom mailing list
      >>>> > [email protected]
      >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
      >>>> > Main Web Site: http://pauldotcom.com











------------------------------------------------------------------------------
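
A defender-side check for the two mitigations named in this thread (NLA and "Do not display last user name"), as an added example that is not part of the original messages. It reads the standard registry locations for these settings on the local machine; the function names `Get-RegValue` and `Get-RdpLogonExposure` are hypothetical.

```powershell
# Added example: report whether RDP is enabled and whether the two
# mitigations discussed in the thread are in effect on this machine.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns the registry value, or $null when the key or value is absent.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name } else { $null }
}

function Get-RdpLogonExposure {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tsGpo  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $logon  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    # fDenyTSConnections = 0 means the RDP listener accepts connections.
    $deny = Get-RegValue $ts 'fDenyTSConnections'

    # NLA: a Group Policy value, when present, takes precedence over the
    # local listener setting. 1 = NLA required before a session is created.
    $nlaGpo   = Get-RegValue $tsGpo 'UserAuthentication'
    $nlaLocal = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
    $nla      = if ($null -ne $nlaGpo) { $nlaGpo } else { $nlaLocal }

    # Interactive logon: "Do not display last user name". 1 = enabled.
    $hideUser = Get-RegValue $logon 'DontDisplayLastUserName'

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        NlaSource           = if ($null -ne $nlaGpo) { 'GPO' } else { 'Local' }
        LastUserNameHidden  = ($hideUser -eq 1)
        # Flag hosts where RDP is reachable and neither mitigation applies.
        NeedsAttention      = ($deny -eq 0) -and ($nla -ne 1) -and ($hideUser -ne 1)
    }
}

Get-RdpLogonExposure | Format-List
```

Hosts reported with `NeedsAttention = True` accept RDP connections without NLA and without the logon-screen user name hidden.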


