June 4, 2018 at 5:13 am

Hi Folks,
Is there a way of extracting the user details of all subsystems (OS and the applications installed on them)?
My issue is to extract the user details of the OS (has been fixed). I need to find the user credentials for applications hosted on the OS, like IIS, for example.
Also, the OSes are different: Linux, AIX, Windows.

Any help will be highly appreciated.
Thanks.

June 4, 2018 at 5:29 am

Where is the code that you have tried and that is not working or having errors?
What user details?
What do you mean user creds?

You cannot get user passwords. You can get user profile information. Apps in general, on Windows, are assigned to the machine; only settings are applied to a user.

There is no canned way to do this. Each OS stores its user data differently and you need to know how that is even before you'd begin this task.

If you are after IIS info, that is what the WebAdministration module on IIS is for.

So, break your task into steps. Example:
Attack each step one at a time to be sure you are getting what you need.
Where is user info stored – try and get to it locally first, then remotely
Where is app information stored – try and get to it locally first, then remotely
Where is user app config stored – try and get to it locally first, then remotely
Where is app service information stored – try and get to it locally first, then remotely
Streamline into a script – try and get to it locally first, then remotely

June 4, 2018 at 3:44 pm

What have you tried so far? Maybe this would help:

get-process -includeusername

June 4, 2018 at 10:33 pm

8^}
Nope, that does not help. All that does is get whatever processes are currently running on the user system.

Yes, this will tell you what apps (in a process) are running and the user who is using it, but that is not what your post is asking for.

For example, on IIS, it will always show as the app identity configured for the IIS app, not the user using the app. To determine if a user is using an IIS app, you have to look to the dev to trap for that, or look at event log info on log on attempts for the IIS app.

So, again, you really need to step back a moment and identify all the particulars in order that you are after and attack them one at a time.
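
Added example (not part of any post in this thread): an inventory of which account each IIS application pool is configured to run as, set beside what the running w3wp.exe worker processes report, using the WebAdministration module and `Get-Process -IncludeUserName` mentioned above. It assumes an elevated PowerShell 4+ session on the IIS server; the variable and property names are this example's own, and it reads account names only, never passwords.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

# 1. Configured identity of every application pool.
$pools = foreach ($pool in Get-ChildItem IIS:\AppPools) {
    $pm = $pool.processModel
    $account = switch ("$($pm.identityType)") {
        'SpecificUser'            { $pm.userName }                # custom service account
        'ApplicationPoolIdentity' { "IIS APPPOOL\$($pool.Name)" } # per-pool virtual account
        default                   { "$($pm.identityType)" }       # LocalSystem, LocalService, NetworkService
    }
    [pscustomobject]@{
        AppPool      = $pool.Name
        State        = $pool.State
        IdentityType = "$($pm.identityType)"
        Account      = $account
    }
}

# 2. Which pool each site's root application is assigned to.
$sites = Get-Website |
    Select-Object Name, @{ n = 'AppPool'; e = { $_.applicationPool } }

# 3. Running worker processes: the pool name is passed to w3wp.exe as -ap "<pool>".
$workers = Get-CimInstance Win32_Process -Filter "Name='w3wp.exe'" | ForEach-Object {
    $poolName = if ($_.CommandLine -match '-ap "([^"]+)"') { $Matches[1] } else { $null }
    $proc = Get-Process -Id $_.ProcessId -IncludeUserName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AppPool   = $poolName
        ProcessId = $_.ProcessId
        RunningAs = $proc.UserName   # the pool identity, not the visitor using the site
    }
}

$pools   | Format-Table -AutoSize
$sites   | Format-Table -AutoSize
$workers | Format-Table -AutoSize
```

Pools with no active requests have no worker process, so the third table can be shorter than the first.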