|
-
November 30th, 2001, 02:35 AM
#1
 million dollar question!
OK for a million fack dollars
What is a Null Session?
-
November 30th, 2001, 02:49 AM
#2
AFAIK a Null Session is a term used to describe a certain state of connection where you haven't authenticated or anything, but you can still see stuff. For instance, you can use the DOS command 'Net View' (Yes, I know that the 'view' part is actually an arguement, not the command...) on another computer (with shares, Netbios, same network, etc) and it will show you information on windows shares. But you haven't authenticated or anything have you?
Basically it means that you're connected, and you can see some potentially interesting things, but you aren't authenticated or identified.
[HvC]Terr: L33T Technical Proficiency
-
November 30th, 2001, 02:52 AM
#3
 Re: Million Dollar Question
Well, for one million fact points i thought i'd take a stab at it.
i decided to look up the proper definition of what null session is. I have also included the source for this article at the bottom of this post in case anyone was interesed in reading more about null sessions and acknowledge where this reply came from.
Microsoft Windows machines allow remote users to log in remotely (or via their domain) to a server in order to use a shared resource, such as a printer or shared directory. Once a user is logged in, their connection to the remote machine is referred to as a "session".
Microsoft Windows Servers run many services and programs. Some of these services need to communicate with other Windows Servers in order to complete their tasks. Sometimes, a Windows server needs to create a "session" with another Windows server. In some cases, a Windows server will login to a remote Windows Server using a blank username and password. This is referred to as a "Null Session".
Unfortunately, a number of hackers have learned that they also can login to some remote Windows Servers using a blank username and password. They can use this to obtain NetBios information from this machine, and to perform various other exploits against this machine. This is referred to as exploiting the "Null Session Vulnerability"...
The full article and a Null session scanner can be obtained from the author(s) of this article from this link: http://www.lokboxsoftware.com/help/h...ullSession.htm
Do i get the million fact points?
Remote_Access_
-
November 30th, 2001, 04:40 AM
#4
congrads to you two
yes you are both right and you also get extra points for he link.
there will be more questions like this in the near future.
-
November 30th, 2001, 05:49 AM
#5
Member
First, to do anything, the computer must have Windows NT/2000 running with port 139 open.
net use \\IP ADDRESS\IPC$ " " /u: " "
Use your imagination from there.
Its not very common anymore since the service packs for NT have made it easier to turn off null sesions.
For those who find it too hard to type all that (whew!) I've attatched RedButton for your enjoyment.
:o) Have a nice day!
-
November 30th, 2001, 05:54 AM
#6
Member
First, to do anything, the computer must have Windows NT/2000 running with port 139 open.
net use \\IP ADDRESS\IPC$ " " /u: " "
Use your imagination from there.
Its not very common anymore since the service packs for NT have made it easier to turn off null sesions.
For those who find it too hard to type all that (whew!) I've attatched RedButton for your enjoyment.
:o) Have a nice day!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
