Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Re[2]: locate windows workstation if you know the username
From: "Discussion Lists" <discussions () lagraphico com>
Date: Fri, 15 Sep 2006 08:45:22 -0700

Coupla other possibilities . . . If this is a search on a domain, and
you have the appropriate privs, you can use vbscript to do this.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputer = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colComputer
Wscript.Echo objComputer.UserName
Next

You'd just have to add to the script so that it enumerates AD, or reads
in a list of IP's and scans each one in succession.  I've used the first
method successfully in the past, but not for the same purposes as yours.

I doubt this would work though without domain admin credentials.

-----Original Message-----
From: s-williams () nyc rr com [mailto:s-williams () nyc rr com] 
Sent: Thursday, August 31, 2006 1:46 PM
To: Jason L. Ellison; Matthew Leeds
Cc: pen-test () securityfocus com
Subject: Re: Re[2]: locate windows workstation if you know 
the username


There is a windows version that is still around do a google 
for nbtscan. You can scann a whole subnet, or just a single 
ip. Sent via BlackBerry from T-Mobile  

-----Original Message-----
From: "Jason L. Ellison" <infotek () datasync com>
Date: Thu, 31 Aug 2006 13:53:08 
To:Matthew Leeds <mleeds () theleeds net> Cc:pen-test () securityfocus com
Subject: Re[2]: locate windows workstation if you know the username

on Unix nbtscan/nbtstat will do something like this.  It 
dumps the machine name, username, domain/workgroup and MAC 
address.  I used to run it daily and archive the output to 
see where users normaly logon.  The one I used was written in 
C.  I had to add an alarm to it so it would timeout for host 
not responding.

-Jason Ellison

On Thu, 31 Aug 2006, Matthew Leeds wrote:

For the terminally lazy, you might Google TCPNetView. This 
GUI utility 
will give you both the IP address and MAC address.

----------
---Matthew
*********** REPLY SEPARATOR  ***********

On 8/30/2006 at 1:05 PM Mike Sues wrote:

Hello,

if they're using WINS, send a NetBIOS name
request for the username, netbios service 03
(i.e. messenger service) to the WINS server.
It will respond with the IP of the host registered
to the user's workstation.

--------------------------------------------
Mike Sues, GCIH
CEO & Ethical Hack Specialist
Rigel Kent Security & Advisory Services Inc 
http://www.rigelksecurity.com voice:613.233.HACK
fax  :613.233.1788
toll
free :1.877.777.H8CK
--------------------------------------------


-----Original Message-----
From: offset [mailto:offset () ubersecurity org]
Sent: Wednesday, August 30, 2006 1:34 AM
To: pen-test () securityfocus com
Subject: locate windows workstation if you know the username


Greetings fellow pen-testers,

Looking for ideas on tracking down a windows workstation 
if you know 
the username.

I know that if I run     net send username ""     I can 
tell that the user
is online without the message box popping up on their machine 
(usually), but I'd like to know which workstation a 
particular user 
is at for a targeted arp spoofing attack against a client.

-off


---------------------------------------------------------------------
---




----------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE. 
http://www.cenzic.com/products_services/download_hailstorm.php

----------------------------------------------------------------------
--



--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for 
FREE. http://www.cenzic.com/products_services/download_hailstorm.php
--------------------------------------------------------------
----------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]