I would like to connect remotely to a machine. I know the IP address and I know the password associated to my username but I forgot my username.
Is it possible to list all usernames of a machine knowing only the IP address or would this represent a security issue?
I am on MAC OS X 10.11.3. The remote machine also runs on a recent MAC OS X version.
This would be an extreme security violation. There was a time when we could trust most of the users on the internet, but that time has long gone.
Spammers would love to have that ability so that they could better direct their spam. Instead they often resort to old lists containing user-ids deactivated over a decade ago.
Crackers would love to have that ability so they could try to login to known accounts. Given that many people use extremely simple passwords, this would make their life so much easier.
A list of valid users would make social engineering a break-in so much easier. It is often still relatively easy.
However, if you have legitimate access to a server, there are a number of ways you can get a list of valid (if not necessarily active) userids.
As mentioned, if it would be possible, it would be a security issue.
Unfortunately, recently there was one, CVE-2015-8325, which allowed to check the user existence on the remote server based on the timing attack. It is possible that OS X does not have it fixed yet?
Footnote: Do not try this in production and on public servers! If you are the owner of the server, it is fine to try the script enclosed to the mail. But doing this against servers of others might be considered as a hacking attempt.
Yes it‘s possiable to get the username via the IP address.
You can have a try of this this: wmic.exe /node:IP-or-HostName ComputerSystem Get UserName
it works for me!
