From: pand0ra (pand0ra.usa@gmail.com)
Date: Sun Jan 07 2007 - 01:29:51 EST
The ability to use null session is directly liked to this Win2k
registry setting (give or take the OS):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
If this setting is disabled then (as far as I know) you will not be
able to enumerate any system information using the null session
method. Null sessions are used for anonymous users, kind of similar to
the IUSR account for IIS. As far as I know (or that I can think of
ATM), there is no other method that can do the same thing as a null
session (without conducting an attack).
On 1/5/07, Michael J Condon <mjc001@jjuno.com> wrote:
> What alternatives are there to the "Holy Grail" null session
> (net use \\ipaddress\IPC$ "" /user:"") if this method does not work?
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:31 EDT