Created
February 19, 2010 16:53
-
-
Save anonymous/308889 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[#soggies 15:39] <james> Last-Logon Attribute | |
[#soggies 15:40] <james> The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond i | |
ntervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown. | |
[#soggies 15:40] <james> because they may have logged in on Jan 2, 1601... | |
[#soggies 15:47] <jamison> james: I have a script that does bigmath on that value. | |
[#soggies 15:47] <jamison> because that value is a bitch | |
[#soggies 15:49] <james> perl? | |
[#soggies 15:49] <jamison> of course | |
[#soggies 15:50] <james> gist? | |
[#soggies 15:50] <jamison> sure. one second | |
[#soggies 15:50] <james> cool. I was writing one... :) | |
[#soggies 15:50] <jamison> also, you want to be checking lastLogonTimestamp if you have a fully integrated W2K3 domain. | |
[#soggies 15:50] <james> yeah, I'm looking at the things that bit us. | |
[#soggies 15:50] <jamison> Because lastLogon is separate on every DC. lastLogonTimestamp is replicated between all DCs | |
[#soggies 15:50] <james> did you read above? | |
[#soggies 15:51] <jamison> http://gist.github.com/231309 | |
[#soggies 15:51] <crunchy> http://tumble.wcyd.org/irclink/?10396 | |
[#soggies 15:51] <james> jamison: how long does it take to pwn a DC with anon_bind+usernames==passwords+not_NTLMv2? | |
[#soggies 15:51] <jamison> the lastLogonTimestamp is the same value, just replicated. | |
[#soggies 15:51] <jamison> yeah, I read the above. funny stuff. | |
[#soggies 15:51] <james> thanks, yo. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment