RE: Re[2]: locate windows workstation if you know the username

From: Discussion Lists (discussions@lagraphico.com)
Date: Fri Sep 15 2006 - 11:45:22 EDT

• Next message: ballares@gmail.com: "RE: User group tool"
• Previous message: Hanif Bin Abdul Ghani: "RE: User group tool"
• Maybe in reply to: Jason L. Ellison: "Re[2]: locate windows workstation if you know the username"
• Next in thread: Steve Friedl: "Re: locate windows workstation if you know the username"
• Reply: Steve Friedl: "Re: locate windows workstation if you know the username"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Coupla other possibilities . . . If this is a search on a domain, and
you have the appropriate privs, you can use vbscript to do this.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputer = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colComputer
Wscript.Echo objComputer.UserName
Next

You'd just have to add to the script so that it enumerates AD, or reads
in a list of IP's and scans each one in succession. I've used the first
method successfully in the past, but not for the same purposes as yours.

I doubt this would work though without domain admin credentials.

> -----Original Message-----
> From: s-williams@nyc.rr.com [mailto:s-williams@nyc.rr.com]
> Sent: Thursday, August 31, 2006 1:46 PM
> To: Jason L. Ellison; Matthew Leeds
> Cc: pen-test@securityfocus.com
> Subject: Re: Re[2]: locate windows workstation if you know
> the username
>
>
> There is a windows version that is still around do a google
> for nbtscan. You can scann a whole subnet, or just a single
> ip. Sent via BlackBerry from T-Mobile
>
> -----Original Message-----
> From: "Jason L. Ellison" <infotek@datasync.com>
> Date: Thu, 31 Aug 2006 13:53:08
> To:Matthew Leeds <mleeds@theleeds.net> Cc:pen-test@securityfocus.com
> Subject: Re[2]: locate windows workstation if you know the username
>
> on Unix nbtscan/nbtstat will do something like this. It
> dumps the machine name, username, domain/workgroup and MAC
> address. I used to run it daily and archive the output to
> see where users normaly logon. The one I used was written in
> C. I had to add an alarm to it so it would timeout for host
> not responding.
>
> -Jason Ellison
>
> On Thu, 31 Aug 2006, Matthew Leeds wrote:
>
> > For the terminally lazy, you might Google TCPNetView. This
> GUI utility
> > will give you both the IP address and MAC address.
> >
> > ----------
> > ---Matthew
> > *********** REPLY SEPARATOR ***********
> >
> > On 8/30/2006 at 1:05 PM Mike Sues wrote:
> >
> > >Hello,
> > >
> > >if they're using WINS, send a NetBIOS name
> > >request for the username, netbios service 03
> > >(i.e. messenger service) to the WINS server.
> > >It will respond with the IP of the host registered
> > >to the user's workstation.
> > >
> > >--------------------------------------------
> > >Mike Sues, GCIH
> > >CEO & Ethical Hack Specialist
> > >Rigel Kent Security & Advisory Services Inc
> > >http://www.rigelksecurity.com voice:613.233.HACK
> > >fax :613.233.1788
> > >toll
> > >free :1.877.777.H8CK
> > >--------------------------------------------
> > >
> > >
> > >-----Original Message-----
> > >From: offset [mailto:offset@ubersecurity.org]
> > >Sent: Wednesday, August 30, 2006 1:34 AM
> > >To: pen-test@securityfocus.com
> > >Subject: locate windows workstation if you know the username
> > >
> > >
> > >Greetings fellow pen-testers,
> > >
> > >Looking for ideas on tracking down a windows workstation
> if you know
> > >the username.
> > >
> > >I know that if I run net send username "" I can
> tell that the user
> > >is online without the message box popping up on their machine
> > >(usually), but I'd like to know which workstation a
> particular user
> > >is at for a targeted arp spoofing attack against a client.
> > >
> > >-off
> > >
> >
> >---------------------------------------------------------------------
> > >---
> >
> >
> >
> >
> ----------------------------------------------------------------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php
> >
> ----------------------------------------------------------------------
> > --
> >
> >
>
> --------------------------------------------------------------
> ----------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for
> FREE. http://www.cenzic.com/products_services/download_hailstorm.php
> --------------------------------------------------------------
> ----------
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

• Next message: ballares@gmail.com: "RE: User group tool"
• Previous message: Hanif Bin Abdul Ghani: "RE: User group tool"
• Maybe in reply to: Jason L. Ellison: "Re[2]: locate windows workstation if you know the username"
• Next in thread: Steve Friedl: "Re: locate windows workstation if you know the username"
• Reply: Steve Friedl: "Re: locate windows workstation if you know the username"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:57 EDT