Null Session Enumeration on 2000

From: xenolith@hushmail.com
Date: Thu Jul 25 2002 - 12:36:31 EDT


I was on an internal pentest recently where I had the following curious situation and wondered if anyone had any insight as to what may have caused it.

I used gnit.exe to attempt to enumerate the users, shares, etc. on a Win2k DC via a null session.
This only partially worked, in that I got the NBTSTAT info back and the SHARE info but NOT the user or group information.
I was able to get the user list via RID cycling, but I was curious as to why this happened.
Other Win2K boxes on the network (non-DC) gave up everything A-OK.
Now, in my experience, if they had RestrictAnonymous set then I would not have got the share information back!
They were all SP2 and had SP2SRP1 installed.

Any help greatly appreciated.

xenolith@hushmail.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT