Quick test of nmap's new RDP scan script

After seeing this:

Using Nmap to extract Windows host and domain information via RDP

 
# Nmap 7.70SVN scan initiated Fri Jun 14 13:57:47 2019 as: nmap -p 3389 --script rdp-ntlm-info -oout 192.168.200.0/24
Nmap scan report for wolfsbane (192.168.200.1) # router, runs a (likely ancient) Samba + accompanying auth
Host is up (0.00022s latency).

PORT STATE SERVICE
3389/tcp closed ms-wbt-server
MAC Address: 60:38:E0:77:F0:61 (Belkin International)

Nmap scan report for DESKTOP-GOO4FB1 (192.168.200.13) # Slightly aging desktop, runs win 10 preview build, set to "weekly or so" updates
Host is up (0.00011s latency).

PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
MAC Address: 00:0F:FE:EB:D0:3F (G-pro Computer)

<several unrelated devices deleted>

Nmap scan report for LAPTOP-UR57MFD8 (192.168.200.156) # Fujitsu touchscreen/wacom tablet laptop for ZBrush/Photoshop, runs Win 10 Home, defaults on everything. Supposed to be legit upgraded from Vista, but if it gave me crap about it, it's cracked. I don't remember how it went.
Host is up (0.038s latency).

PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
MAC Address: 90:CD:B6:70:50:02 (Hon Hai Precision Ind.)

<more devices deleted>
# ---- TehEdn

# There's at least three more laptops with Win 10, one of which is booted and running right now. Win 10 Home OEM (legit came installed on it - I've done nothing afaik). The two others are very similar to the Fujitsu, but they're very likely asleep/off.

# That sucked, so Redo, after I flip on RDP on the Desktop (I remember turning it off specifically, not sure why the others are off).

root@joe:~# nmap -p 3389 --script rdp-ntlm-info 192.168.200.13
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-06-14 14:11 UTC
Nmap scan report for DESKTOP-GOO4FB1 (192.168.200.13)
Host is up (0.00022s latency).

PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
MAC Address: 00:0F:FE:EB:D0:3F (G-pro Computer)

Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds

# Huh? Perhaps it's the internal firewall thing. <check> Doesn't seem to be - 3389 has two rules - allow any TCP and allow any UDP. Trying to RDP to myself, it complains that I have a console up to the "remote computer" already.
#
# Installed "rdesktop" and attempted to connect, which timed out (very slowly) so perhaps something is blocked on another level somehow.
#
# nmap (and rdesktop/X) here runs on Ubuntu 18.04.2 LTS. Nothing particularly out of the ordinary on it, has X (xfce desktop) and virtualbox, both sort of unusual but not rare, has docker (exec environment, for dev/test, nothing running in it). nmap is Nmap 7.70SVN, built from the repo linked in the article ("./configure && make && make install"; added flex and libpcap (this is a *really* green install, used to be alpine, couldn't run vbox) and reran, built on the 2nd pass).
#
# So I dunno - I'm probably messing something up, might mess w/ more later.
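Added example, not code from the post and not nmap's rdp-ntlm-info script itself. A "filtered" 3389 means the SYN got neither a SYN-ACK nor a RST, so the NSE script never ran: it is a port script that only fires on an open port. The code below shows what it would have sent and parsed once the port is open: the X.224 Connection Request asking for NLA, the server's Connection Confirm (including the RDP_NEG_FAILURE case), the NTLM NEGOTIATE message, and the parsing of the NTLM CHALLENGE for the host and domain names the script reports. The TLS session and the CredSSP TSRequest wrapping around the NTLM messages are left out, so everything runs offline. The sample challenge is constructed here, with the hostname from the scan above and an invented build number and timestamp.

```python
# Added example, not nmap's rdp-ntlm-info script and not code from the post:
# the messages that script drives, as pure functions that run offline.
# Byte layouts follow MS-RDPBCGR 2.2.1.1/2.2.1.2 and MS-NLMP 2.2.1.1/2.2.1.2.
import struct

PROTOCOL_SSL, PROTOCOL_HYBRID = 0x01, 0x02      # TLS, CredSSP/NLA
NEG_RSP, NEG_FAILURE = 0x02, 0x03
FAILURE_CODES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
                 3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
                 5: "HYBRID_REQUIRED_BY_SERVER",
                 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def x224_connection_request(protocols=PROTOCOL_SSL | PROTOCOL_HYBRID):
    """First packet to TCP/3389: TPKT + X.224 CR + RDP_NEG_REQ (19 bytes)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, protocols)
    x224 = struct.pack("!BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224

def parse_connection_confirm(pkt):
    """Server's X.224 CC: ('ok', selectedProtocol) or ('fail', reason)."""
    if len(pkt) < 11 or pkt[0] != 3 or pkt[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = pkt[11:]
    if len(body) < 8:                       # bare CC: legacy RDP security only
        return ("ok", 0)
    rtype, _flags, _length, value = struct.unpack("<BBHI", body[:8])
    if rtype == NEG_RSP:
        return ("ok", value)
    if rtype == NEG_FAILURE:
        return ("fail", FAILURE_CODES.get(value, f"code {value}"))
    raise ValueError(f"unexpected RDP_NEG type {rtype:#x}")

# NTLM runs inside CredSSP over the TLS session that follows a HYBRID confirm.
NTLMSSP = b"NTLMSSP\x00"
NEGOTIATE_VERSION = 0x02000000
NEG_FLAGS = (0x00000001 | 0x00000004 | 0x00000200 | 0x00008000 | 0x00080000
             | NEGOTIATE_VERSION | 0x20000000 | 0x80000000)
# UNICODE | REQUEST_TARGET | NTLM | ALWAYS_SIGN | EXTENDED_SESSIONSECURITY
# | VERSION | 128 | 56
AV_IDS = {1: "NetBIOS_Computer_Name", 2: "NetBIOS_Domain_Name",
          3: "DNS_Computer_Name", 4: "DNS_Domain_Name", 5: "DNS_Tree_Name",
          7: "Timestamp"}

def ntlm_negotiate(flags=NEG_FLAGS):
    """NEGOTIATE_MESSAGE with empty DomainName/Workstation and a Version field."""
    fields = struct.pack("<HHI", 0, 0, 40) * 2      # both empty, payload at 40
    version = struct.pack("<BBHxxxB", 10, 0, 0, 0x0F)  # client version, arbitrary
    return NTLMSSP + struct.pack("<II", 1, flags) + fields + version

def parse_challenge(msg):
    """Fields rdp-ntlm-info reports, pulled from a CHALLENGE_MESSAGE."""
    if msg[:8] != NTLMSSP or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    tn_len, _, tn_off = struct.unpack_from("<HHI", msg, 12)
    flags = struct.unpack_from("<I", msg, 20)[0]
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    info = {"Target_Name": msg[tn_off:tn_off + tn_len].decode("utf-16-le"),
            "Server_Challenge": msg[24:32].hex(), "NegotiateFlags": flags}
    if flags & NEGOTIATE_VERSION:
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["Product_Version"] = f"{major}.{minor}.{build}"
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:                   # AV_PAIR list, ends with MsvAvEOL
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:
            break
        value = msg[pos:pos + av_len]
        pos += av_len
        if av_id == 7:                      # FILETIME, 100ns ticks since 1601
            info["Timestamp"] = struct.unpack("<Q", value)[0]
        elif av_id in AV_IDS:
            info[AV_IDS[av_id]] = value.decode("utf-16-le")
    return info

def make_challenge(names, version=(10, 0, 18362), flags=NEG_FLAGS):
    """Constructed CHALLENGE_MESSAGE for offline use; not captured traffic."""
    target = names["NetBIOS_Domain_Name"].encode("utf-16-le")
    av = b""
    for av_id, name in AV_IDS.items():
        if name not in names:
            continue
        v = (struct.pack("<Q", names[name]) if av_id == 7
             else names[name].encode("utf-16-le"))
        av += struct.pack("<HH", av_id, len(v)) + v
    av += struct.pack("<HH", 0, 0)          # MsvAvEOL
    tn_off = 56                             # fixed header incl. Version field
    return (NTLMSSP + struct.pack("<I", 2)
            + struct.pack("<HHI", len(target), len(target), tn_off)
            + struct.pack("<I", flags) + bytes(range(8)) + bytes(8)
            + struct.pack("<HHI", len(av), len(av), tn_off + len(target))
            + struct.pack("<BBHxxxB", *version, 0x0F) + target + av)

# Constructed sample: a workgroup Win 10 host, where the "domain" names are just
# the computer name. Hostname from the scan above; build and timestamp invented.
SAMPLE = {"NetBIOS_Computer_Name": "DESKTOP-GOO4FB1",
          "NetBIOS_Domain_Name": "DESKTOP-GOO4FB1",
          "DNS_Computer_Name": "DESKTOP-GOO4FB1",
          "DNS_Domain_Name": "DESKTOP-GOO4FB1", "Timestamp": 132051934670000000}

if __name__ == "__main__":
    print(x224_connection_request().hex())
    print(parse_challenge(make_challenge(SAMPLE)))
```

On a real target, x224_connection_request() goes to the socket first; a ("fail", ...) from parse_connection_confirm tells you why the script would give up (a host that allows only legacy RDP security answers with a bare confirm, and the script gets no NTLM exchange at all). Only after an "ok" with PROTOCOL_HYBRID does the client start TLS and send ntlm_negotiate() inside a CredSSP TSRequest; the CHALLENGE inside the reply is what parse_challenge() consumes. For the "filtered" result itself, rerunning the scan with nmap's --reason option shows whether 3389 was reported filtered because of no response at all, which is what a firewall drop looks like from the scanner.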
