?
Solved

Obtain IP from username

Posted on 2003-02-19
17
Medium Priority
?
327 Views
Last Modified: 2012-06-21
How can you remotely get the IP of a user on just that users username on a windows network, without that user knowing? This is easy if you use net send then look at you connection table (netstat), but then the user knows. Their is no admin access to domain controlers either, you must be a normal user.
0
Comment
Question by:cyanic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +4
17 Comments
 

Author Comment

by:cyanic
ID: 7983625
I just figured it out

net send <username> ""

this establishes the connection, but does not popup anything on their screen. If anyone else can find another solution, I will give them the whopping 75 points.
0
 
LVL 4

Expert Comment

by:daletian
ID: 7983683
try the finger command as well

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7984056
That is next to impossible. A user can be logged in almost anywhere on the network. If you know their computer name it is much easier. What exactly is it that you are tying to accomplish? Wanting to be a little sneaky?

0
Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

 

Author Comment

by:cyanic
ID: 7984225
Sneaky, yes. I do IT security on a 13,000+ computer network. Our naming convention should have the user's name as part of the NetBIOS name, but this is not always the case. We also don’t want to ask, or wait for the domain admins to get it for us. We also don't want the user to know we just need their IP so we can thumb through their URL logs when someone tells us the user has been surfing porn.

The net send / netstat hack works great for getting the computer name and then IP.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7984719
If you have that large of a network you might want to look at something like Websense to monitor web traffic.

http://www.websense.com

0
 
LVL 2

Expert Comment

by:NEOsporin
ID: 7985049
Or network scanners- GFI Languard: http://www.gfi.com/lannetscan/
That is a little reverse of what your asking, it obtains the ip 1st, then the username. Another good util, among his many: http://ntsecurity.nu/toolbox/winfo/
Firewall log's, and some grep'ing can narrow porn finding down.
0
 
LVL 2

Expert Comment

by:VincentWong
ID: 7985774
if the user disabled the messager service, is it still possible to get the IP?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 7987697
The information is in WINS all you need is to be able to request it (as NET SEND does).  Sure I've got an example somewhere, will have a look.

I'd do it the other way around normally.... put a line in the login script along the lines of

echo %USERNAME% %MACHINENAME% >> \\server\share\%username%.txt
echo %USERNAME% %MACHINENAME% >> \\server\share\%machinename%.txt

(actually I use a small Auto-It script which also records the use by date, PC, OS, and User).

but of course you can't do that if not an admin but as a one off change it gets you the info you need maybe you could get it implemented?

Auto-It script below.

regards

Steve


;This script logs the usage of PC's as they login.  Data is recorded by date, user, PC, and OS.  Works for NT/2K for username, if win9x aswell need to get from registry and/or aswell and/or use PUTINENV.EXE

RegRead,CompName,REG_SZ,HKEY_LOCAL_MACHINE,System\\CurrentControlSet\\control\\ComputerName\\ComputerName,ComputerName

  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\USER\\%username%.txt
  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\PC\\%compname%.txt
  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\DATE\\%A_YEAR%-%A_MON%-%A_MDAY%.txt
  FileAppend, %A_YEAR%-%A_MON%-%A_MDAY% %A_HOUR%:%A_MIN%:%A_SEC% - %A_OSVERSION% - %COMPNAME% - %USERNAME%\n, \\\\server\\root\\info\\OS\\%A_OSVERSION%.txt

This produces three output files, ie:

2002-02-14 14:48:41 - WIN_2000 - MANGALORE - stevek

Auto-It : http://www.hiddensoft.com/autoit/
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 7987741
Here you go...

http://www.clever-consulting.com/docs/finduser.html

This is a batch file script using the WINSCL.EXE tool found in the NT resource kit (downloadable from MS here
http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp )

Supply it a username and it will give out an IP address querying the WINS database (assuming you are using WINS on the network still, this is where NET SEND gets it from).

hth

Steve
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7988539
Nice one, Steve!
0
 

Author Comment

by:cyanic
ID: 7989031
winscl is not working for me.

qn            - query name
joeuser       - username
1             - yes for 16th char
03            - 16th char for username
0             - no scope

After pressing enter for no scope i get
Status returned is (FAILURE - 5)

I am using 2000 server Resource kit on a 2000 pro with the winrpc.dll copied from a server box. I don't have any special rights to the Wins server.
0
 

Author Comment

by:cyanic
ID: 7989275
VincentWong,

Yes this will still work if the user turns off the messenger service. You will just get an error instead of a success.

Q: What happens if the user is logged into more than one machine?

A: The message only goes to the first machine the user logged into.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 7992511
>>Q: What happens if the user is logged into more than one machine?

That will be the same with a WINS query aswell of course since you can only register the name once ...

I don't run WINS on my home network so it is a little difficult to test here (which is why I didn't before I posted).  Did you try the finduser batch file or just the command line tool directly?

Steve
0
 

Author Comment

by:cyanic
ID: 7995480
Yes I used the command line tool, I looked at the batch file to see what options to use. All the other commands within the tool yielded the same result "FAILURE - 5" I guess I should research what a failure 5 means, I guessing its access denied.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 300 total points
ID: 7995821
"This program can be executed from any NT/W2K/XP client, but it needs to be executed under the security context of an account which has Administrator permissions on the WINS servers ..... shows Error 5 access denied for a server, see that you account is added to the administrators group in order to have the program explore that server and beyond."

So it looks like WINSCL needs admin rights... typical :-)

It /has/ to be possible to query WINS though as a user!

Steve
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9864229
No comment has been added lately, so it's time to clean up this TA.            
I will leave a recommendation in the Cleanup topic area that this question is:            

Answered by: dragon-it            

Please leave any comments here within the next seven days.            

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!            

JulianCrawford            
EE Cleanup Volunteer
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question