November 7th, 2002, 09:55 PM
question about Null sessions
I did a scan against one of my local machines and it shows a null session able to be established to a certain folder on that machine. Now my question is as follows: how is a null session a security problem? Helps people gather information?
November 7th, 2002, 10:04 PM
Microsoft Windows Servers run many services and programs. Some of these services need to communicate with other Windows Servers in order to complete their tasks. Sometimes, a Windows server needs to create a "session" with another Windows server. In some cases, a Windows server will log in to a remote Windows Server using a blank username and password. This is referred to as a "Null Session".
Unfortunately, a number of hackers have learned that they also can log in to some remote Windows Servers using a blank username and password. They can use this to obtain NetBIOS information from this machine, and to perform various other exploits against this machine. This is referred to as exploiting the "Null Session Vulnerability".
You can get additional Information on Null Sessions HERE
November 7th, 2002, 10:37 PM
Being able to establish a null session doesn't actually let them do very much, but they can enumerate shares etc, which is revealing information you possibly don't want them to have.
On Windows NT 3.5 you used to be able to write to the registry with null sessions, which was a risk. This was rectified a long time ago.
November 8th, 2002, 07:05 AM
Oh well, being able to enumerate user accounts is still a "main goal" of null sessions, since it makes brute-forcing quite easy (especially if you have weak passes).
Nevertheless, "patching" can be done quickly
either this way:
or simply put
c:\WINNT\system32\net.exe share IPC$ /DELETE /Y
into your "run" key in the winreg (there's also an official winreg fix for automated shares). But as said in the link, be careful with those settings since they can heavily influence network connectivity!
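A read-only check of the registry settings that govern anonymous (null session) access, as an added example that is not part of the original thread. The value names are standard Windows settings that the posts do not name, and the OK/REVIEW thresholds are this example's assumptions.

```powershell
# Added example: read-only audit of anonymous (null session) access settings.
# Nothing is modified; run it on the machine being checked.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Each check names a value and a test for the setting this example treats as hardened.
$checks = @(
    @{ Key = $lsa;    Name = 'RestrictAnonymous';         Ok = { param($v) $v -ge 1 } },
    @{ Key = $lsa;    Name = 'RestrictAnonymousSAM';      Ok = { param($v) $v -ge 1 } },
    @{ Key = $lsa;    Name = 'EveryoneIncludesAnonymous'; Ok = { param($v) $v -eq 0 } },
    @{ Key = $server; Name = 'RestrictNullSessAccess';    Ok = { param($v) $v -ge 1 } }
)

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Key $c.Name
    # A missing value is reported as REVIEW so the OS default gets looked up.
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = if ($null -eq $actual) { '(not set)' } else { $actual }
        Status  = if (& $c.Ok $actual) { 'OK' } else { 'REVIEW' }
    }
}
$results | Format-Table -AutoSize

# Shares and named pipes listed here are reachable without credentials.
foreach ($name in 'NullSessionShares', 'NullSessionPipes') {
    $list = @(Get-RegValue $server $name | Where-Object { $_ })
    if ($list.Count -gt 0) {
        Write-Output ("{0}: {1}" -f $name, ($list -join ', '))
    } else {
        Write-Output ("{0}: (empty)" -f $name)
    }
}
```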