Wot could I do with a NetBios Null session?

**boomwoody** · May 30th, 2003, 09:36 AM

They told me that a Null session is sending a null for the user name and password when establishing a connection to the ipc$ (Inter Process Communication) pipe. And they said I'm able to establish a null session they can gain lists of user names, shares, etc...

But how can I do that?

***SirDice*** · May 30th, 2003, 10:49 AM

Check the archives. There are probably a few tutorials/postings covering this topic.

Oh i also have another rule for you to add to your signature:

I must learn to search the OA archives before asking questions.

http://www.antionline.com/showthread...=null+sessions

***thehorse13*** · May 30th, 2003, 11:53 AM

Yes, you can enumerate accounts via $IPC null sessions. This includes domain accounts should you be lucky enough to attempt this in a MS domain. However, there is also something else you can do, and that is go to jail. Think about what you are doing before you go running amuck on a network because people like me (and others here) are just waiting for people like you to step out of line on our networks.

When asking questions, be clear about your intentions. If you ask a question like yours, it immediately smells of malicious intent. Try explaining your situation:

"Hi, I'm a junior tech and I was told about account enumeration via $IPC shares. I have been given the task of identifying machines that are serving up these shares. Are there tools to identify this and what can I do to close this hole?"

Behave in this fashion and you will reap all the benefits this site has to offer.

***Tiger Shark*** · May 30th, 2003, 12:46 PM

because people like me (and others here) are just waiting for people like you to step out of line on our networks.

Hoss: You have never said a truer word my friend......

From this sysadmin's POV it's..... C'mon down skiddies..... Wanna play with my network from the inside...... Ohhhhh..... I have dreams about this...... "Pick yer window son.... Y'er Leavin'..." <LOL>

PS: Did we watch Platoon recently.... (your sig is a line from that)....

**R0n1n** · May 30th, 2003, 01:40 PM

Rhino 9 prodcued a paper some time back which provided some detail on null sessions so that might be useful to you. ( I think the paper was entitled Windows hacking, or something similar). Also I suspect that any article on attacking Windows will provide coverage of this topic.

**boomwoody** · June 1st, 2003, 12:51 PM

Hi, I'm a junior tech and I was told about account enumeration via $IPC shares. I have been given the task of identifying machines that are serving up these shares. Are there tools to identify this and what can I do to close this hole?

I am a Analyser, I know how 2 close is by editing .reg file. I'm just a little bit curious about how the crackers do.
Any way... thank you all.

**hjack** · June 1st, 2003, 02:42 PM

boomwoody, your not to quick are you? I mean the wheel is spinning, but the gerbil is dead man.

hjack

***Maestr0*** · June 2nd, 2003, 05:56 AM

The mighty google knows all.
"NetBios Null Session"
I have answered you, now you must write 'I will not use NetBios for evil' one hundred times.

-Maestr0

**boomwoody** · June 2nd, 2003, 01:18 PM

hoho, Maestr0 is a googler

Thread: Wot could I do with a NetBios Null session?

Thread Tools

Display

Wot could I do with a NetBios Null session?

Posting Permissions