That looks like an interesting approach. With a bit of effort you could auto-crop the images to reduce the amount you would need to OCR to reduce anything on the wallpaper being detected.
Robin On 9 May 2013 14:43, Kory Kyzar <[email protected]> wrote: > If you can dump the screenshots from Nessus into a common folder, you > could try blasting them with ocrshotgun after tweaking the default regexes. > > > http://denniskuntz.com/blog/2011/10/12/ocrshotgun-sh-sensitive-data-from-images-with-ocr-the-shotgun-approach/ > > > On Wed, May 8, 2013 at 3:48 AM, Robin Wood <[email protected]> wrote: > >> On 7 May 2013 19:40, Rob Fuller <[email protected]> wrote: >> >>> Could just use findtoken / incognito from MWR, it will list available >>> tokens on the box (supports ranges) >>> >>> http://labs.mwrinfosecurity.com/blog/2012/07/18/incognito-v2-0-released/ >>> >>> >> Great tool but only if you've already got admin access. My original idea >> was for user harvesting when you've nothing else to go on. >> >> Robin >> >> >>> >>> -- >>> Rob Fuller | Mubix >>> Certified Checkbox Unchecker >>> Room362.com | Hak5.org >>> >>> >>> On Thu, Apr 25, 2013 at 4:16 PM, Ryan < >>> [email protected]> wrote: >>> >>>> ** >>>> Microsoft Network Level Authentication (NLA) for RDP can also help >>>> defend against these "features" as it doesn't allow a full RDP connection >>>> until the user is authenticated. >>>> >>>> Ryan >>>> >>>> ----- Original Message ----- >>>> *From:* Jeremy Pommerening <[email protected]> >>>> *To:* PaulDotCom Security Weekly Mailing >>>> List<[email protected]> >>>> *Sent:* Tuesday, April 23, 2013 3:27 PM >>>> *Subject:* Re: [Pauldotcom] user enumeration through RDP >>>> >>>> It still displays username unless you specifically tell it not to via >>>> GPO or local machine policy. Interactive Logon: "Do not display last user >>>> name" Enable or Disable. >>>> >>>> Jeremy Pommerening >>>> CISSP,GCFA,GPEN,GAWN,GCFW, GWAPT, >>>> MCSE Win2K, MCSE NT4 >>>> ------------------------------ >>>> *From:* Michael Salmon <[email protected]> >>>> *To:* PaulDotCom Security Weekly Mailing List < >>>> [email protected]> >>>> *Sent:* Tuesday, April 23, 2013 1:47 PM >>>> *Subject:* Re: [Pauldotcom] user enumeration through RDP >>>> >>>> Does RDP on Windows 7 still give the logged in username? Working >>>> with W7 I haven't seen it anymore but it may be that it's been disabled in >>>> my environment and I didn't realize it. >>>> >>>> >>>> On Tue, Apr 23, 2013 at 1:18 PM, Carlos Perez < >>>> [email protected]> wrote: >>>> >>>> No clue on that >>>> >>>> On Apr 23, 2013, at 12:32 PM, Robin Wood <[email protected]> wrote: >>>> >>>> >>>> On Apr 23, 2013 5:07 PM, "Carlos Perez" <[email protected]> >>>> wrote: >>>> > >>>> > This was what I was alluding to >>>> > http://www.tenable.com/blog/nessus-52-released >>>> > >>>> > Nessus will now grab VNC and RDP Screenshots >>>> Looks pretty cool. Any chance of building in character recognition in >>>> to read the active user? >>>> Robin >>>> > Sent from my iPhone >>>> > >>>> > On Apr 23, 2013, at 3:29 AM, Matt <[email protected]> wrote: >>>> > >>>> >> If you are at BSidesLondon tomorrow we can chat then. >>>> >> >>>> >> >>>> >> Sent from my iPhone >>>> >> >>>> >> On 21 Apr 2013, at 23:05, Robin Wood <[email protected]> wrote: >>>> >> >>>> >>> On 18 April 2013 15:36, Matt <[email protected]> wrote: >>>> >>>> >>>> >>>> You can do more than that. Can't say much more but RDP has some >>>> useful "features" that can be leveraged to gain a higher level of access if >>>> you know your way round windows api. >>>> >>>> >>>> >>> >>>> >>> Pointers to any info? I don't know much about the windows API but >>>> might be worth looking at. >>>> >>> >>>> >>>> >>>> >>>> Sent from my iPhone >>>> >>>> >>>> >>>> On 18 Apr 2013, at 01:36, Robin Wood <[email protected]> wrote: >>>> >>>> >>>> >>>> > I've just noticed a nice little trick for user enumeration. The >>>> client I'm testing has RDP on almost every windows machine and when you >>>> connect to them, if there is a user already connected they tell you who it >>>> is. Luckily here most of them do have someone logged in. It is a manual job >>>> but has got me a nice little stash of usernames which is good as all my >>>> usual techniques failed. Of extra lucky, by naming and subnets I know which >>>> the servers are so I'm assuming users connected to them are either admins >>>> or at least have more privileges than a normal user. >>>> >>>> > >>>> >>>> > Thought others might find it useful. >>>> >>>> > >>>> >>>> > Robin >>>> >>>> > _______________________________________________ >>>> >>>> > Pauldotcom mailing list >>>> >>>> > [email protected] >>>> >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> >>>> > Main Web Site: http://pauldotcom.com >>>> >>>> _______________________________________________ >>>> >>>> Pauldotcom mailing list >>>> >>>> [email protected] >>>> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> >>>> Main Web Site: http://pauldotcom.com >>>> >>> >>>> >>> >>>> >>> _______________________________________________ >>>> >>> Pauldotcom mailing list >>>> >>> [email protected] >>>> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> >>> Main Web Site: http://pauldotcom.com >>>> >> >>>> >> _______________________________________________ >>>> >> Pauldotcom mailing list >>>> >> [email protected] >>>> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> >> Main Web Site: http://pauldotcom.com >>>> > >>>> > >>>> > _______________________________________________ >>>> > Pauldotcom mailing list >>>> > [email protected] >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> > Main Web Site: http://pauldotcom.com >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>>> >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>>> >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>>> ------------------------------ >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
