Black Hat

Using nbtstat to View Who Is Logged into a Computer

Using nbtstat to View Who is Logged into a Computer: In this exercise we will use nbtstat to determine who is logged into a remote computer.

  1. At the Windows command prompt enter the command nbtstat –a followed by the name of the computer you want to examine.

 

  1. If the port is open, the service running, and the machine available, you should see results similar to the following.

    In this example we assume a machine with the name “aperture.”

    NetBIOS Remote Machine Name Table
Name Type Status
APERTURE <03> UNIQUE
LCEDROS <03> UNIQUE
APERTURE <00> UNIQUE
WORKPLACE <00> GROUP
APERTURE <20> UNIQUE
  1. Examine the list and note that under the Type heading we have a mixture of <03> records and others.

    The user account will be identified by an <03> label and nothing else.

    Since we know the machine name is APERTURE, it’s not hard to single out the <03> record LCEDROS as a username logged into the system.

 

Related Articles

Leave a Reply

Back to top button