million dollar question!
Results 1 to 6 of 6

Thread: million dollar question!

  1. #1
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648

    Question million dollar question!

    OK for a million fack dollars

    What is a Null Session?
    Share on Google+

  2. #2
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    AFAIK a Null Session is a term used to describe a certain state of connection where you haven't authenticated or anything, but you can still see stuff. For instance, you can use the DOS command 'Net View' (Yes, I know that the 'view' part is actually an arguement, not the command...) on another computer (with shares, Netbios, same network, etc) and it will show you information on windows shares. But you haven't authenticated or anything have you?

    Basically it means that you're connected, and you can see some potentially interesting things, but you aren't authenticated or identified.
    [HvC]Terr: L33T Technical Proficiency
    Share on Google+

  3. #3

    Post Re: Million Dollar Question

    Well, for one million fact points i thought i'd take a stab at it.
    i decided to look up the proper definition of what null session is. I have also included the source for this article at the bottom of this post in case anyone was interesed in reading more about null sessions and acknowledge where this reply came from.

    Microsoft Windows machines allow remote users to log in remotely (or via their domain) to a server in order to use a shared resource, such as a printer or shared directory. Once a user is logged in, their connection to the remote machine is referred to as a "session".

    Microsoft Windows Servers run many services and programs. Some of these services need to communicate with other Windows Servers in order to complete their tasks. Sometimes, a Windows server needs to create a "session" with another Windows server. In some cases, a Windows server will login to a remote Windows Server using a blank username and password. This is referred to as a "Null Session".

    Unfortunately, a number of hackers have learned that they also can login to some remote Windows Servers using a blank username and password. They can use this to obtain NetBios information from this machine, and to perform various other exploits against this machine. This is referred to as exploiting the "Null Session Vulnerability"...

    The full article and a Null session scanner can be obtained from the author(s) of this article from this link: http://www.lokboxsoftware.com/help/h...ullSession.htm

    Do i get the million fact points?

    Remote_Access_
    Share on Google+

  4. #4
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648

    congrads to you two

    yes you are both right and you also get extra points for he link.

    there will be more questions like this in the near future.
    Share on Google+

  5. #5
    Member
    Join Date
    Sep 2001
    Posts
    42
    First, to do anything, the computer must have Windows NT/2000 running with port 139 open.

    net use \\IP ADDRESS\IPC$ " " /u: " "

    Use your imagination from there.
    Its not very common anymore since the service packs for NT have made it easier to turn off null sesions.

    For those who find it too hard to type all that (whew!) I've attatched RedButton for your enjoyment.

    :o) Have a nice day!
    Share on Google+

  6. #6
    Member
    Join Date
    Sep 2001
    Posts
    42
    First, to do anything, the computer must have Windows NT/2000 running with port 139 open.

    net use \\IP ADDRESS\IPC$ " " /u: " "

    Use your imagination from there.
    Its not very common anymore since the service packs for NT have made it easier to turn off null sesions.

    For those who find it too hard to type all that (whew!) I've attatched RedButton for your enjoyment.

    :o) Have a nice day!
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides