Thank you, this was enough information to update the script (attached) to
report the logged in username when NetBIOS actually reports the info [1].
I don't know if this will work against Windows 9x/Me or not but it seems to
work against 2k and XP boxes. Please let me know how it works.
Brandon
[1] NetBIOS doesn't seem to explicitly report computername vs domainname vs
username etc. Oftentimes it doesn't even report the username. This script
is using a best-guess heuristic to determine the computername and
username. I think I've got it all correct but more testing/review is in
order.
On Tue, 27 Mar 2007 16:07:14 -0600
"DePriest, Jason R." <jrdepriest_at_gmail.com> wrote:
> On 3/27/07, Brandon Enright wrote:
> > DePriest, Jason R. wrote:
> > > I can give you detailed results from an nbtscan and a packet capture
> > > of the traffic.
> > >
> > > Would that be sufficient to help out?
> > >
> > > -Jason
> > >
> >
> > If you have a case where nbtscan was able to determine the remote user
> > that was logged in, that output and packet capture would be most useful.
> > I suppose I could look at the nbtscan source code but I'd hate to run
> > into odd legal/licensing problems in doing so.
> >
> > Brandon
> >
> >
>
> It looked like nbtstat provided more verbosity for the end-user, so I
> used it instead.
>
> Nbtstat actually shows you the raw data received minus the TCP and
> Ethernet layer stuff.
>
> I am including the full packet capture data from a tshark dump as well.
>
> See the attachment for the pcap and txt files with the data.
>
> -Jason
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Mar 27 2007
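
The kind of best-guess heuristic footnote [1] describes, as an added example that is not the attached script or any code from the thread: it parses an RFC 1002 node status name table and infers roles from the commonly documented NetBIOS suffixes (unique <00> = computer name, group <00> = workgroup/domain, unique <03> other than the computer name = logged-in user). The function names, host, domain and user names, and both sample tables are constructed for illustration.

```python
import struct

GROUP = 0x8000   # RFC 1002 NAME_FLAGS: G bit set = group name
ACTIVE = 0x0400  # RFC 1002 NAME_FLAGS: ACT bit

def parse_name_table(rdata):
    """Parse NUM_NAMES plus 18-byte entries (15-byte padded name,
    1-byte suffix, 2-byte flags) from a node status response."""
    if not rdata or len(rdata) < 1 + 18 * rdata[0]:
        raise ValueError("truncated name table")
    entries = []
    for i in range(rdata[0]):
        raw = rdata[1 + 18 * i:19 + 18 * i]
        name = raw[:15].decode("ascii", "replace").rstrip(" \x00")
        flags = struct.unpack(">H", raw[16:18])[0]
        entries.append((name, raw[15], bool(flags & GROUP)))
    return entries

def guess_identity(entries):
    """Assumed heuristic: the table never labels names, so infer roles from
    suffix and group bit. 'user' is None when no user name was registered."""
    computer = next((n for n, s, g in entries if s == 0x00 and not g), None)
    domain = next((n for n, s, g in entries if s == 0x00 and g), None)
    # <03> (Messenger) is registered for the computer name and, when a user
    # is logged on with the service running, for the user name as well.
    users = [n for n, s, g in entries
             if s == 0x03 and not g and n.upper() != (computer or "").upper()]
    return {"computer": computer, "domain": domain,
            "user": users[0] if users else None}

def _entry(name, suffix, flags):
    # Helper for building the constructed samples below.
    return name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", flags)

# Constructed sample tables (not taken from the capture mentioned in the thread).
WITH_USER = bytes([5]) + b"".join([
    _entry("WKSTN01", 0x00, ACTIVE),
    _entry("EXAMPLEDOM", 0x00, GROUP | ACTIVE),
    _entry("WKSTN01", 0x20, ACTIVE),
    _entry("WKSTN01", 0x03, ACTIVE),
    _entry("JDOE", 0x03, ACTIVE),
])
NO_USER = bytes([3]) + b"".join([
    _entry("WKSTN02", 0x00, ACTIVE),
    _entry("EXAMPLEDOM", 0x00, GROUP | ACTIVE),
    _entry("WKSTN02", 0x20, ACTIVE),
])

if __name__ == "__main__":
    print(guess_identity(parse_name_table(WITH_USER)))
    print(guess_identity(parse_name_table(NO_USER)))
```

The second sample covers the case the footnote mentions, where the host reports no username at all and the heuristic must return nothing rather than mislabel the computer name.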