September 20th, 2004, 08:27 PM
What is Null Session?
I am new computer user. Please try to tell me what this is?
What is a null Session? How do hackers use null session to hack? What are the tools used by hackers?
If you could provide me anserws to this it will be very helpful.
September 20th, 2004, 08:30 PM
A null session typically means a session established with no user-credentials required (null credentials, null logon). Null session also typically refers to connections made via netbios, and in this context, it means people could connect to your netbios service with no credentials and do things like enumerate users and shares (unless you turn it off).
As far as tools and actual methods, google and the search button here are your friend.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
September 20th, 2004, 08:33 PM
Null Session: http://www.softheap.com/security/session-access.html
For your reading pleasure.
I'm aware that there is an attempt to get some more 'interesting' topics into the forum. But, this to me still rings bells ...............
anban: I would prefer it if you could re-phrase your question, so that we can make a more educated guess as to where you are heading with your learning curve ................
As for extra reading; check out the links at the bottom of the thread as well.
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
September 20th, 2004, 11:45 PM
And incase your wondering how to establish a Null session without using a tool here is an example:
net use \\<host ip>\$IPC "" /u:""
September 21st, 2004, 01:53 AM
or you can check an entire list of ips:
for /F "tokens=1" %X in (list.txt) do net use...[i agree with foxey here, no need for too many details]
and make note of those that complete sucessfully. my point is KNOW YOUR OS! its the best tool you have.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
September 21st, 2004, 02:01 AM
Thank you all.
Im work place they were talking about null session connections, i became curious.
Nothing related to hacking. My intention is not that.
Now I understand its all about SNMP/CIFS. Thank you all.
September 21st, 2004, 02:12 AM
I think you mean SMB/CIFS/NetBIOS (NetBIOS being for naming and service finding)