Network Security: Detailed info on Null Session

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Null Session

from [Wbsony] Network Security

[Permanent Link]

Subject:	Null Session
Date:	Sun, 6 Mar 2005 23:54:52 +1100

Hi all,

Recently, I did some testing on Windows hosts, and found things that confused me.

When I ran:

c:\>net use \\host\IPC$ "" /u:administrator
The command completed successfully.

It was successful, then I can connect to the registry of that particular host remotely.

At first, I thought it was because administrator's password was simply empty password. However, when I ran similar command, with user name that didn't exist in the system, same result occured:

c:\>net use \\host\IPC$ "" /u:blablabla
The command completed successfully.

I thought maybe just null session issues, but the null session connection was unsuccessful:

net use \\host\IPC$ "" /u:""

(Sorry, I forgot the actual results shown, some kind of 'error occured' message).


Anybody encountered this situation before and could enlighten me?

Thanks in advance, Wbsony

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Null Session, Wbsony <= Re: Null Session, H D Moore Avoiding Postfix Fingerprinting, Isidro Labrador Re: Avoiding Postfix Fingerprinting, Joachim Schipper Re: Avoiding Postfix Fingerprinting, Javier Fernandez-Sanguino Re: Avoiding Postfix Fingerprinting, Olivier Fauchon Re: Avoiding Postfix Fingerprinting, Michel Arboi Re: Avoiding Postfix Fingerprinting, Michel Arboi

Previous by Date:	Re: eBanking Security Testing (network and application) Methodology Released, Yuri Demchenko
Next by Date:	Re: Testing large networks, Davi Ottenheimer
Previous by Thread:	Testing large networks, Dan Rogers
Next by Thread:	Re: Null Session, H D Moore
Indexes:	[Date] [Thread] [Top] [All Lists]