Penetration Testing mailing list archives

Re: [PEN-TEST] Finding a Windows machine that a user is logged in to


From: Sacha Faust <sfaust () ITEMUS COM>
Date: Wed, 14 Mar 2001 10:57:04 -0500

You can query all systems in a domain (you can look at the winfingerprint
source code to see how to do that: http://www.technotronic.com/winfingerprint)
and then issue a netbios() call retrieving NIC status and getting the user
on that system, and simply search until you find your user.

-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes () DELOITTE CO ZA]
Sent: Tuesday, March 13, 2001 3:08 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Finding a Windows machine that a user is logged into


Hi Folks,

As part of a demonstration I want to do, I need to find a Windows client
that a particular user is logged in to.

e.g. on a Windows network, user rdawes is logged in somewhere. I need the IP
address, so that I can snoop the traffic that he is generating.

It is clearly possible to get this info, as for example tools like "net send
rdawes message" do it.  Having done that, I can look in my machine cache
using "nbtstat -c" to see who I've been talking to.

This is a bit obtrusive, though. I don't want to warn the user that I am
watching them, which the "net send" would do.

Does anyone have an idea how I can do this quietly?

Rogan

