
Thread: question about Null sessions

  1. #1
    Junior Member
    Join Date
    Sep 2002
    Posts
    14

    question about Null sessions

    I did a scan against one of my local machines and it shows a null session able to be established to a certain folder on that machine. Now my question is as follows: how is a null session a security problem? Helps people gather information?

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Microsoft Windows Servers run many services and programs. Some of these services need to communicate with other Windows Servers in order to complete their tasks. Sometimes, a Windows server needs to create a "session" with another Windows server. In some cases, a Windows server will log in to a remote Windows Server using a blank username and password. This is referred to as a "Null Session".

    Unfortunately, a number of hackers have learned that they also can log in to some remote Windows Servers using a blank username and password. They can use this to obtain NetBIOS information from this machine, and to perform various other exploits against this machine. This is referred to as exploiting the "Null Session Vulnerability".

    You can get additional Information on Null Sessions HERE



    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Being able to establish a null session doesn't actually let them do very much, but they can enumerate shares etc., which is revealing information you possibly don't want them to have.

    On Windows NT 3.5 you used to be able to write to the registry with null sessions, which was a risk. This was rectified a long time ago.

  4. #4
    Junior Member
    Join Date
    Nov 2002
    Posts
    1
    Oh well, being able to enumerate user accounts is still a "main goal" of null sessions, since it makes brute-forcing quite easy (especially if you have weak passes).
    Nevertheless, "patching" can be done quickly

    either this way:

    http://netsecurity.rutgers.edu/null_sessions.htm

    or simply put

    c:\WINNT\system32\net.exe share IPC$ /DELETE /Y

    into your "run" key in the winreg (there's also an official winreg fix for automated shares). But as said in the link - be careful with those settings since they can heavily influence network connectivity!
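
An added example, not part of any post in this thread: a read-only PowerShell audit of the registry values that control what a null session can reach, useful for checking a host before changing any of the settings discussed above. The value names are standard Windows settings that the thread does not name; which values count as acceptable is an assumption of this example.

```powershell
# Added example (not from the thread): read-only audit of null-session settings.
# Nothing is modified. The "Good" values are this example's assumptions.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$checks = @(
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Good = @(1, 2)
       Why = 'anonymous enumeration of shares and accounts' },
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Good = @(1)
       Why = 'anonymous enumeration of SAM accounts' },
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Good = @(0)
       Why = 'Everyone permissions applying to anonymous users' },
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Good = @(1)
       Why = 'null sessions limited to the listed pipes and shares' }
)

$report = @(foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value)              { $status = 'NOT SET (OS default applies)' }
    elseif ($c.Good -contains $value)  { $status = 'OK' }
    else                               { $status = 'REVIEW' }
    [pscustomobject]@{ Setting = $c.Name; Value = $value; Status = $status; Controls = $c.Why }
})

# Every share or pipe named in these lists is reachable without credentials.
foreach ($name in 'NullSessionShares', 'NullSessionPipes') {
    $entries = @(Get-RegValue -Path $srv -Name $name | Where-Object { $_ })
    if ($entries.Count -gt 0) { $status = 'REVIEW' } else { $status = 'OK' }
    $report += [pscustomobject]@{
        Setting  = $name
        Value    = ($entries -join ', ')
        Status   = $status
        Controls = 'resources exposed to null sessions'
    }
}

$report | Format-Table -AutoSize -Wrap
```

A `REVIEW` row marks a setting to examine, not a confirmed exposure; as the last post warns, tightening these values can affect network connectivity, so compare against what the host's services need before changing them.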
