Hoping that someone can help me remember what this exploit was or how it is run. I'm trying show my boss that this vulnerability exists but he is skeptical and I know that I've done it before but it was a couple of years back.... We are running W2K terminal server and this box is behind a firewall but accessible from the internet. There is an exploit out there that can be run against the machine's external IP that will return all local accounts active on that server. Does anyone know what I'm referring to?