Enumerate SID from User ID

Prerequisites: NULL Session

Every account on a Windows computer has a Security Identifier (SID). SIDs are static for the machine the user accounts are installed on. The USER2SID application is used to enumerate the SID from a given username. Once the SID has been identified the username can be enumerated regardless of what the user account has been renamed (covered in Lab 11).

First establish a NULL session. From a DOS prompt type the following syntax:

user2sid <\\Target IP Address> account name

The computer name is optional with this utility. If none is given the local computer is used.

Suppose the target IP address is 172.16.1.40 and the target account name is Administrator.

In this example the username of the Administrator:

• Has a SID of 5-21-1220945662-1343024091-854245398. (The S-1 and number at the end, in this case 500, is not part of the SID.)
  
• Is in the WIN2000S-V domain.

---Regards,
Amarjit Singh