Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: how to detect the currently logged in Windows user?

from [David Jacobs] Network Security [Permanent Link]
Subject: Re: how to detect the currently logged in Windows user?
Date: Tue, 29 Jul 2008 10:46:42 -0400 
We at Tenable use a similar method.  I wrote a simple NASL that gets
DefaultUserName.  It uses SMB to login and get registry access, then
just grabs DefaultUserName from the registry.  This works on all our
corporate laptops, won't work well on mulit-user systems such as an
AD or Exchange Server. We added this NASL to our OS ID scan, and then
we use Security Center's Asset List functionality to create an asset
list for each user.

key = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"; item = 
"DefaultUserName";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED); if ( ! 
isnull(key_h) ) {
   value = RegQueryValue(handle:key_h, item:item);
if (value[1] != "") && (value [1] != NULL){
   rep = "DefaultUserName:" + value[1];
   security_note (port, data:rep);
   RegCloseKey(handle:key_h);



David Jacobs
Tenable Network Security


Doug Nordwall wrote:

Try grabbing the registry key 
HKey_current_user/Software/Microsoft/Windows/Explorer/Logon User Name. 
One of the other registry reading scripts can tell you how to grab a 
registry key more generically.

give me a shout if that works... that'll actually be a decent one. I 
don't know how it will behave on a  terminal server though.

On Mon, Jul 28, 2008 at 7:04 PM, Jason Haar <Jason.Haar@trimble.co.nz 
<mailto:Jason.Haar@trimble.co.nz>> wrote:

    Hi there

    Nessus-3.2.1 doesn't appear to log the domain\username account details
    on remote Windows machines. I don't know about anyone else, but we'd
    love to know that - so that we can track machines back to owners.

    Can it be done? I've had a go with some WMI scripts - but no luck so
    far :-(

    Thanks!

    --
    Cheers

    Jason Haar
    Information Security Manager, Trimble Navigation Ltd.
    Phone: +64 3 9635 377 Fax: +64 3 9635 417
    PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

    _______________________________________________
    Nessus mailing list
    Nessus@list.nessus.org <mailto:Nessus@list.nessus.org>
    http://mail.nessus.org/mailman/listinfo/nessus




-- 
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott 
Stone, on MMORPGs


------------------------------------------------------------------------

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: how to detect the currently logged in Windows user?, Doug Nordwall
Next by Date:  html_graph, Scott Pate
Previous by Thread:  Re: how to detect the currently logged in Windows user?, Doug Nordwall
Next by Thread:  html_graph, Scott Pate
Indexes:  [Date] [Thread] [Top] [All Lists]