Dunno Slick.. try my Google
http://www.google.com.au/search?hl=e...a=lr%3Dlang_en
Cheers
You already found out how they hit you, through a NetBIOS null session. There's really no reason to even have to know how to perform an attack like this to 'further your knowledge,' because even if you do know how they do the attack you still are just going to disable NetBIOS since it's the easiest and best solution to the problem.
Another reason therefore would be I have the ability to block programs being run on my server by name. Provided the user can just rename it msword.exe, it at least logs it in my log files.
NetBIOS through webpages... admin my ass, NB doesn't run on port 80.
Did you actually make this up or did you read it somewhere? Maybe Retina scanner is showing NetBIOS being vulnerable, but it doesn't tell you how a server has been hacked in the past, so what do you think you're trying to tell us... But if I wanted a list of users from a database I'd use SQL injection... What kind of half ass would run a webserver without a firewall which would block NB connection from the internet even in its default configuration?
http://www.cgisecurity.com/lib/Manip..._Injection.pdf
http://www.cgisecurity.com/lib/SQLIn...WhitePaper.pdf
http://www.governmentsecurity.org/fo...showtopic=1525
enum:
http://razor.bindview.com/tools/index.shtml