Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Obtain IP from username

Posted on 2003-02-19
17
Medium Priority
?
334 Views
Last Modified: 2012-06-21
How can you remotely get the IP of a user on just that users username on a windows network, without that user knowing? This is easy if you use net send then look at you connection table (netstat), but then the user knows. Their is no admin access to domain controlers either, you must be a normal user.
0
Comment
Question by:cyanic
  • 5
  • 4
  • 3
  • +4
16 Comments
 

Author Comment

by:cyanic
ID: 7983625
I just figured it out

net send <username> ""

this establishes the connection, but does not popup anything on their screen. If anyone else can find another solution, I will give them the whopping 75 points.
0
 
LVL 4

Expert Comment

by:daletian
ID: 7983683
try the finger command as well

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7984056
That is next to impossible. A user can be logged in almost anywhere on the network. If you know their computer name it is much easier. What exactly is it that you are tying to accomplish? Wanting to be a little sneaky?

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:cyanic
ID: 7984225
Sneaky, yes. I do IT security on a 13,000+ computer network. Our naming convention should have the user's name as part of the NetBIOS name, but this is not always the case. We also don’t want to ask, or wait for the domain admins to get it for us. We also don't want the user to know we just need their IP so we can thumb through their URL logs when someone tells us the user has been surfing porn.

The net send / netstat hack works great for getting the computer name and then IP.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7984719
If you have that large of a network you might want to look at something like Websense to monitor web traffic.

http://www.websense.com

0
 
LVL 2

Expert Comment

by:NEOsporin
ID: 7985049
Or network scanners- GFI Languard: http://www.gfi.com/lannetscan/
That is a little reverse of what your asking, it obtains the ip 1st, then the username. Another good util, among his many: http://ntsecurity.nu/toolbox/winfo/
Firewall log's, and some grep'ing can narrow porn finding down.
0
 
LVL 2

Expert Comment

by:VincentWong
ID: 7985774
if the user disabled the messager service, is it still possible to get the IP?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 7987697
The information is in WINS all you need is to be able to request it (as NET SEND does).  Sure I've got an example somewhere, will have a look.

I'd do it the other way around normally.... put a line in the login script along the lines of

echo %USERNAME% %MACHINENAME% >> \\server\share\%username%.txt
echo %USERNAME% %MACHINENAME% >> \\server\share\%machinename%.txt

(actually I use a small Auto-It script which also records the use by date, PC, OS, and User).

but of course you can't do that if not an admin but as a one off change it gets you the info you need maybe you could get it implemented?

Auto-It script below.

regards

Steve


;This script logs the usage of PC's as they login.  Data is recorded by date, user, PC, and OS.  Works for NT/2K for username, if win9x aswell need to get from registry and/or aswell and/or use PUTINENV.EXE

RegRead,CompName,REG_SZ,HKEY_LOCAL_MACHINE,System\\CurrentControlSet\\control\\ComputerName\\ComputerName,ComputerName

  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\USER\\%username%.txt
  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\PC\\%compname%.txt
  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\DATE\\%A_YEAR%-%A_MON%-%A_MDAY%.txt
  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\OS\\%A_OSVERSION%.txt

This produces three output files, ie:

2002-02-14 14:48:41 - WIN_2000 - MANGALORE - stevek

Auto-It : http://www.hiddensoft.com/autoit/
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 7987741
Here you go...

http://www.clever-consulting.com/docs/finduser.html

This is a batch file script using the WINSCL.EXE tool found in the NT resource kit (downloadable from MS here
http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp )

Supply it a username and it will give out an IP address querying the WINS database (assuming you are using WINS on the network still, this is where NET SEND gets it from).

hth

Steve
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7988539
Nice one, Steve!
0
 

Author Comment

by:cyanic
ID: 7989031
winscl is not working for me.

qn            - query name
joeuser       - username
1             - yes for 16th char
03            - 16th char for username
0             - no scope

After pressing enter for no scope i get
Status returned is (FAILURE - 5)

I am using 2000 server Resource kit on a 2000 pro with the winrpc.dll copied from a server box. I don't have any special rights to the Wins server.
0
 

Author Comment

by:cyanic
ID: 7989275
VincentWong,

Yes this will still work if the user turns off the messenger service. You will just get an error instead of a success.

Q: What happens if the user is logged into more than one machine?

A: The message only goes to the first machine the user logged into.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 7992511
>>Q: What happens if the user is logged into more than one machine?

That will be the same with a WINS query aswell of course since you can only register the name once ...

I don't run WINS on my home network so it is a little difficult to test here (which is why I didn't before I posted).  Did you try the finduser batch file or just the command line tool directly?

Steve
0
 

Author Comment

by:cyanic
ID: 7995480
Yes I used the command line tool, I looked at the batch file to see what options to use. All the other commands within the tool yielded the same result "FAILURE - 5" I guess I should research what a failure 5 means, I guessing its access denied.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 300 total points
ID: 7995821
"This program can be executed from any NT/W2K/XP client, but it needs to be executed under the security context of an account which has Administrator permissions on the WINS servers ..... shows Error 5 access denied for a server, see that you account is added to the administrators group in order to have the program explore that server and beyond."

So it looks like WINSCL needs admin rights... typical :-)

It /has/ to be possible to query WINS though as a user!

Steve
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9864229
No comment has been added lately, so it's time to clean up this TA.            
I will leave a recommendation in the Cleanup topic area that this question is:            

Answered by: dragon-it            

Please leave any comments here within the next seven days.            

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!            

JulianCrawford            
EE Cleanup Volunteer
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question