Re: Null Session

From: Lee Lawson (leejlawson@gmail.com)
Date: Mon Jan 08 2007 - 03:52:32 EST


Michael,

That depends on what you were intending to do with the null session.
Mostly it is used for Microsoft Windows enumeration of accounts,
account settings and shares.

If the Windows system has the restrictanonymous (restrictanonymoussam
for XP) registry setting configured at value zero, you can use the
null session to retrieve a list of usernames (local and domain if a
domain controller) but you have to use tools like DumpSec to parse the
data.

If the Windows system has the restrictanonymous setting at value 1,
then you cannot use the null session and DumpSec to retrieve that
data. You will have to use a SID scanner to retrieve the information.
There are a few out there but my favourites are 'Cain & Abel' and
GetAcc. They do not need the registry setting of zero to retrieve the
list of usernames from the target system.

If the Windows system has the restrictanonymous setting at value 2,
then you will need explicit permissions to enumerate the SAM database
and this is only given to the Administrator accounts by default.

If you are after other enumeration attacks, have a look at SNMP,
Finger, SMTP etc. Also there are other paths such as Apache, which used to
give different errors if you attempted to access a valid user's home
directory or an invalid user's directory.

Then we can start on LDAP (Active Directory) enumeration. If you have
a valid account on the AD, you may be able to use LDP.exe (from
Microsoft) to enumerate the whole database if you have pre-Windows
2000 compatibility configured.

If you are wanting the null session for any other reason, then I don't
think anything else will do.

later,

On 1/5/07, Michael J Condon <mjc001@jjuno.com> wrote:
> What alternatives are there to the "Holy Grail" null session
> (net use \\ipaddress\IPC$ "" /user:"") if this method does not work?
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>

-- 
Lee J Lawson
leejlawson@gmail.com
leejlawson@hushmail.com
"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."
"Quidquid latine dictum sit, altum sonatur."
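
An added example, not part of the original message: a small audit helper that reads the restrictanonymous and restrictanonymoussam values discussed in the reply and reports what each setting leaves open to anonymous enumeration. It assumes the input is the text output of `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` collected from each host; the host names and sample outputs are constructed.

```python
import re

# Findings per restrictanonymous value, worded after the reply above.
FINDINGS = {
    0: "null session can retrieve the list of usernames",
    1: "null-session listing blocked, but SID scanning still returns usernames",
    2: "enumerating the SAM requires explicit permissions",
}

# Matches e.g. "    restrictanonymous    REG_DWORD    0x1" in `reg query` output.
VALUE_RE = re.compile(
    r"^[ \t]+(restrictanonymous(?:sam)?)[ \t]+REG_DWORD[ \t]+(0x[0-9a-f]+)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_lsa(reg_output):
    """Return {value name (lowercase): int} for the two settings, if present."""
    return {m.group(1).lower(): int(m.group(2), 16)
            for m in VALUE_RE.finditer(reg_output)}

def audit(host, reg_output):
    """Classify one host; anonymous_usernames is None when the value is absent."""
    values = parse_lsa(reg_output)
    level = values.get("restrictanonymous")
    if level is None:
        finding, exposed = "restrictanonymous not present; check the host by hand", None
    else:
        finding = FINDINGS.get(level, "unexpected value")
        exposed = level in (0, 1)   # usernames still obtainable without credentials
    return {"host": host, "restrictanonymous": level,
            "restrictanonymoussam": values.get("restrictanonymoussam"),
            "finding": finding, "anonymous_usernames": exposed}

KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
# Constructed sample outputs, one per host (hypothetical host names).
SAMPLE = {
    "ws-01": KEY + "    restrictanonymous    REG_DWORD    0x0\n"
                   "    restrictanonymoussam    REG_DWORD    0x1\n",
    "ws-02": KEY + "    restrictanonymous    REG_DWORD    0x1\r\n",
    "dc-01": KEY + "    RestrictAnonymous    REG_DWORD    0x2\n",
    "ws-03": KEY + "    limitblankpassworduse    REG_DWORD    0x1\n",
}

if __name__ == "__main__":
    for host, text in SAMPLE.items():
        r = audit(host, text)
        print(f"{r['host']}: restrictanonymous={r['restrictanonymous']} -> {r['finding']}")
```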

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:31 EDT