Security Basics mailing list archives

RE: Username Discovery


From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Wed, 25 Oct 2006 09:31:11 -0400

John,

Here's a start on a VB script for you.  It will iterate through subnets
you define in the array statement and scan for NetBIOS enabled machines.

Typically, the username will be one of the lines in the response.  A
caveat however is that on a Microsoft network, the username only appears
on the first machine logged onto (at least in a domain environment).
So, if Dookie logs into machineA then machineB, Dookie will appear in
the response on machineA but not machineB.  (However, if you had a
domain, then you'd already have a solution to your problem, right?)

Use writeline to dump to a text file after creating a file system object
if you want.  (VB scripting is easy, check it out).

In the code, use Isaac's recommendation of net use and dump the results
to a text file.  You can also readline passwords from another text file.

Here's your loop code:


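Set objShell = WScript.CreateObject("WScript.Shell")
Subnets = Array("10.0.1.", "10.0.2.", "10.0.3.")

' Walk every address in each listed subnet
For Each NET in Subnets
  For HOST = 0 to 255

    ' Query the remote NetBIOS name table for this address
    Set objExecObject = objShell.Exec("cmd /c nbtstat -A " & NET & HOST)

    Do While Not objExecObject.StdOut.AtEndOfStream

      ' Read one line of nbtstat output so the loop advances
      strLine = objExecObject.StdOut.ReadLine()

      ' Mr. Dookie's code goes here

    Loop

  Next
Next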

Best Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mister Dookie
Sent: Tuesday, October 24, 2006 3:55 PM
To: security-basics () securityfocus com
Subject: Username Discovery

Hello list,

Is there a tool on the market to audit a non-centrally controlled
(every user is the administrator of their own box) network for all
Windows usernames? In other words, is there something that can be used
to harvest the Windows logins that are residing on Windows boxes to
determine who is using the network but also to possibly plug into a
script to quickly iterate through the network to test for blank or
inexcusably weak passwords?

Thanks,
John

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
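
The reply above says the username is typically one of the lines in the nbtstat response, and that it appears only on the first machine the user logged onto. As an added example (not part of the original post, and written in Python rather than the thread's VBScript), the following parses constructed `nbtstat -A` output for an inventory audit. It assumes the user name is registered as a `<03>` UNIQUE entry and the computer name as the `<00>` UNIQUE entry, which the post does not spell out; the function names and sample hosts are hypothetical.

```python
import re

# Constructed sample output for two hosts (not captured from a real network).
MACHINE_A = """\
Node IpAddress: [10.0.1.5] Scope Id: []

       Name               Type         Status
    ---------------------------------------------
    MACHINEA       <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    MACHINEA       <03>  UNIQUE      Registered
    MACHINEA       <20>  UNIQUE      Registered
    DOOKIE         <03>  UNIQUE      Registered

    MAC Address = 00-11-22-33-44-55
"""
MACHINE_B = """\
    MACHINEB       <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    MACHINEB       <03>  UNIQUE      Registered
    MACHINEB       <20>  UNIQUE      Registered
"""

# One row of the name table: NAME <hex suffix> UNIQUE|GROUP status
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+\S+")

def parse_name_table(text):
    """Return (name, suffix, type) tuples; non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).upper(), m.group(3)))
    return rows

def logged_on_names(text):
    """Assumption: <03> UNIQUE names other than the computer name are users."""
    rows = parse_name_table(text)
    computer = {n.upper() for n, sfx, typ in rows if (sfx, typ) == ("00", "UNIQUE")}
    users = []
    for n, sfx, typ in rows:
        if (sfx, typ) == ("03", "UNIQUE") and n.upper() not in computer and n not in users:
            users.append(n)
    return users

if __name__ == "__main__":
    for label, out in (("machineA", MACHINE_A), ("machineB", MACHINE_B)):
        print(label, logged_on_names(out))
```

The second sample returns an empty list, which is the caveat from the reply: a host where the user logged on second shows no user entry, so an empty result does not mean nobody is logged on.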

