Penetration Testing mailing list archives
Re: [PEN-TEST] Finding a Windows machine that a user is logged into
From: Greg <greg () HOOBIE NET>
Date: Wed, 14 Mar 2001 21:30:17 -0000
DumpACL should, amongst other things, obtain the name of the last workstation that any particular user logged in from. This info can be obtained from any domain controller I believe. I've never bothered using this function but I do recall seeing it within DumpACL some years ago and I assume it works OK. Just point DumpACL at a DC and dump the list of users, remember to select the 'last workstation' field in the list of stuff to grab.

regards
Greg

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Clifford, Shawn A
Sent: 14 March 2001 12:51
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Finding a Windows machine that a user is logged into

Hi,

You can use 'netdom member' to look up all of the users on all machines in your domain(s). Then parse the output. Here is a Perl script that does just that. It creates a hash table (by specifying the -r option) of all user/machine pairs currently logged in in your domain(s). This can take a long time to generate. You will need to edit the netdom queries to specify your domain(s).

-- Shawn

-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes () DELOITTE CO ZA]
Sent: Tuesday, March 13, 2001 3:08 AM
Subject: Finding a Windows machine that a user is logged into

Hi Folks,

As part of a demonstration I want to do, I need to find a Windows client that a particular user is logged in to.

e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP address, so that I can snoop the traffic that he is generating.

It is clearly possible to get this info, as for example tools like "net send rdawes message" do it. Having done that, I can look in my machine cache using "nbtstat -c" to see who I've been talking to.

This is a bit obtrusive, though. I don't want to warn the user that I am watching them, which the "net send" would do.

Does anyone have an idea how I can do this quietly?

Rogan