![Using nbtstat to View Who Is Logged into a Computer](https://www.techietalks.online/wp-content/uploads/2018/04/Using-nbtstat-to-View-Who-Is-Logged-into-a-Computer.png)
Black Hat
Using nbtstat to View Who Is Logged into a Computer
Using nbtstat to View Who is Logged into a Computer: In this exercise we will use nbtstat to determine who is logged into a remote computer.
- At the Windows command prompt enter the command nbtstat –a followed by the name of the computer you want to examine.
- If the port is open, the service running, and the machine available, you should see results similar to the following.
In this example we assume a machine with the name “aperture.”
NetBIOS Remote Machine Name Table
Name | Type | Status |
APERTURE | <03> | UNIQUE |
LCEDROS | <03> | UNIQUE |
APERTURE | <00> | UNIQUE |
WORKPLACE | <00> | GROUP |
APERTURE | <20> | UNIQUE |
- Examine the list and note that under the Type heading we have a mixture of <03> records and others.
The user account will be identified by an <03> label and nothing else.
Since we know the machine name is APERTURE, it’s not hard to single out the <03> record LCEDROS as a username logged into the system.