
Thread: Log in to a remote host with null session?

  1. #1

    Log in to a remote host with null session?

    Hello everyone, I'm at work right now and hope I can get an answer before the end of the day!
    Anyway, I'll give you a very short story: a machine was hitting a honeypot of mine. I scanned it with Nessus (quite vulnerable), FTP server running... and many other ports... Nessus said that port 445 was open to null sessions. The Nessus plugin is 10394 if you want more info on that. What I want to know is how can I connect with a null session? I was using Net use g: \\host\"" and then password "" but that doesn't work. Am I even on the right track?
    Thank you,
    Thekit

  2. #2
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Here's some info that may help you out; look into using the Enum tool it lists:

    http://www.brown.edu/Facilities/CIS/...tbiosnull.html

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    if the machine that was attacking your honey pot is very vulnerable it's probably owned and also home to many worms. not many try to break in from their own computer.

    if you also break in you can count yourself among the low life that has gone before you.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Thank you very much IronGeek, I'll look into it. To Tedob1: Did you even read my post? I work for a company, their machine is infected. I AM ALLOWED to connect to their machine. You should read posts twice before you type.
    Thekit

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    you should read your posts before you submit them... you said "a machine" was hitting your honey pot. nowhere do you claim ownership of anything except the honey pot... but my apologies!


    Net use g: \\host\<sharename> and the password if required

    you must include the name of the share you want to map to. you just can't map to a computer with net use. C$ and IPC$ are good to try

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    a machine was hitting a honeypot of mine. I scanned it with Nessus (quite vulnerable), FTP server running... and many other ports... Nessus said that port 445 was open to null sessions.
    I work for a company, their machine is infected. I AM ALLOWED to connect to their machine.
    I have to ask.... probably a dumb question though.....

    Er.... What are you doing playing with a honeypot when you have owned machines on your system? It seems to me that your prioritization strategy tends towards the "fun" rather than the effective. Had you set up a proper IDS which would give more broad ranging and long term benefit to your employer you would have discovered this anyway.

    Secondly, and much more importantly with regard to your professional ability/attitude, is the fact that connecting to the box that has "issues" directly in the fashion you intend would be utterly the wrong thing to do. You need to begin a forensic examination of the box, not try to play with it.

    Now, of course, I'm giving you the benefit of the doubt here when you say that you are an employee of the company that owns the box and have permission to take any action on or against the box. Should I be wrong I would find myself utterly in agreement with Tedob's statement re: low life.

    Please..... Be legit and do it right..... Otherwise you are playing at being an admin......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    TIGERSHARK, have you nothing better to do?
    You're trying to tell me my priorities are wrong????
    I set up the honey pot 3 weeks ago. It has been incredibly effective. I've found many, many computers that have been infected with viruses and such.
    Do you know what position I have at my work? No you don't. So I have no idea how you can assume to tell me that I could simply set up an IDS. You also have no idea how our networks are set up, how many machines there are.

    You then go on to tell me how I should deal with the infected machine. The machine is going to be taken and formatted likely, but that isn't up to me anyway. All I wanted to know is how to go about connecting with null sessions. I had every right to do it, and I wanted to learn how to do it. You have no idea what the security policy is at the place that I work, so you really shouldn't speak at all.

    3rd you go on about giving me the benefit of the doubt that I work where I work? I could just say the same thing to you, Well you might be a hacker so maybe you should stop going on anti-online completely. It's absurd either way!

    All I wanted was to learn something; too many people waste time assuming that everybody around them is a hacker or something.

    I have to thank IronGeek again for an informative paper on null sessions

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Do you know what position I have at my work? No you don't. So I have no idea how you can assume to tell me that I could simply set up an IDS. You also have no idea how our networks are set up, how many machines there are.
    So tell me..... You can set up a honeypot but you can't set up an IDS? Doesn't make much sense to me when you consider the fact that if you don't know how to properly deal with a honeypot you can become part of the problem whereas setting up an IDS _properly_ would never make you part of the problem..... Is that a Duh? I dunno.... I think you get the point!

    The machine is going to be taken and formatted likely, but that isn't up to me anyway.
    Then why are you messing with it..... You aren't the decision maker.... thus, it isn't yours to mess with, thus, quit messing with things you don't have control over, (and apparently understanding of).

    Formatting the box is fixing the symptom.... It's dumb.... It's like getting 1 mpg out of your car and simply filling the gas tank every 18 miles.... you fix the symptom... not the problem!!!!!

    You have no idea what the security policy is at the place that I work, so you really shouldn't speak at all.
    You started the thread.... You gave little information... and now you bitch at me..... Yep, you're cool...... Numbnutz.......

    3rd you go on about giving me the benefit of the doubt that I work where I work? I could just say the same thing to you, Well you might be a hacker so maybe you should stop going on anti-online completely. It's absurd either way!
    I have a posting record here that extends for a couple of years.... In fact, if you looked carefully through all my posting record you could probably give me my SSN.... You have come in and asked a question in a way that leaves things "questionable"....

    What you wanted to learn would be harmful..... I was trying to tell you that despite the questionable information you provided.... Your choice.... You wanted to do something that could be potentially, (no.... definitely), harmful to your employer... I was trying to help.....

    If you want further assistance I will be happy to help..... Just don't give me **** for:-

    1. trying
    2. Being suspicious..... I do security for a living.... and it's based on distrust.... Learn it!!!!

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    thekit! you are a loser!

  10. #10
    Junior Member
    Join Date
    Aug 2004
    Posts
    22
    thekid... you are gonna get banned...

    have a little respect for the seniors on AO

    i've gotten banned before (way before) for the same kind of disrespectful **** you are doing right now. pls don't mouth off to Tiger, he is one of the smartest ppl on AO and he knows better. also don't give us "a story". no one (rational) here is going to tell you step by step how to exploit a null session. (which by the way is ooooolllddddddddd)... so read and learn and don't try to get over on ppl who know better.
    "Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding..."
