NULL IPC$ Sessions

From: Josh Santomieri (marine@INREACH.COM)
Date: 01/23/02

Date:         Wed, 23 Jan 2002 12:37:37 -0800
From: Josh Santomieri <marine@INREACH.COM>

        Null IPC$ sessions are a simplistic thing that are very easily overlooked
with the general configuration of Windows NT/2000/XP computers. If your
server is not protected with a firewall or some other type of security and a
NULL IPC$ connection can be made, any user can gather a great deal of
information from your server.
Here is an example of some information gathered from my server with an
application that I created:

        Remote IPC
        Remote Admin
        Special Share
        Default share
        Special Share

        Ordinary users

        Built-in account for administering the computer/domain
        Password Age: 9923869 Seconds
        Last Logon: 1011679505 Seconds
        Number of Logins: 154
        Normal Account | Password Does Not Expire
        Built-in account for guest access to the computer/domain
        Normal Account | Account Disabled | No Password Required | Cannot Change Password | Password Does Not Expire
        Built-in account for anonymous access to Internet Information Services
        Password Age: 9923025 Seconds
        Internet Guest Account
        Last Logon: 1011758860 Seconds
        Normal Account | No Password Required | Cannot Change Password | Password Does Not Expire
        Built-in account for Internet Information Services to start out of process
        Password Age: 9923062 Seconds
        Launch IIS Process Account
        Last Logon: 1011345494 Seconds
        Number of Logins: 28
        Normal Account | No Password Required | Cannot Change Password | Password Does Not Expire
        This user account is used by Terminal Services.
        Password Age: 49935 Seconds
        Normal Account | No Password Required | Cannot Change Password | Password Does Not Expire

The application used to receive this information is available for download

Program receives all Share, Group and User information on the server or

All of this information is able to be gathered from any Windows NT/2000/XP
computer that can have a NULL IPC$ session connected to it.

Josh Santomieri
Santomieri Systems
Fax: (509) 693-5573
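
The following is an added example, not part of the original post and not the author's application: a Python sketch that parses a listing in the format shown above and reports what each record reveals to an anonymous caller, so an administrator can triage the exposure on their own server. It assumes every record ends with its '|'-separated flags line and that the "Last Logon" value is a Unix timestamp; the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample: three records copied from the listing in the post.
SAMPLE = """\
Built-in account for administering the computer/domain
Password Age: 9923869 Seconds
Last Logon: 1011679505 Seconds
Number of Logins: 154
Normal Account | Password Does Not Expire
Built-in account for guest access to the computer/domain
Normal Account | Account Disabled | No Password Required | Cannot Change Password | Password Does Not Expire
Built-in account for Internet Information Services to start out of process
Password Age: 9923062 Seconds
Launch IIS Process Account
Last Logon: 1011345494 Seconds
Number of Logins: 28
Normal Account | No Password Required | Cannot Change Password | Password Does Not Expire
"""

def parse_records(text):
    """Split the listing into dicts; assumes the flags line closes each record."""
    records, cur = [], {}
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if "|" in line:                      # flags line: end of record
            cur["flags"] = [f.strip() for f in line.split("|")]
            records.append(cur)
            cur = {}
        elif ":" in line:                    # "Key: <number> [Seconds]"
            key, value = line.split(":", 1)
            cur[key.strip()] = int(value.split()[0])
        else:                                # first free-text line is the description
            cur.setdefault("description", line)
    return records

def triage(rec):
    """Return the findings an anonymous caller could read off this record."""
    flags, out = rec["flags"], []
    enabled = "Account Disabled" not in flags
    if enabled and "No Password Required" in flags:
        out.append("enabled account is allowed a blank password")
    if enabled and "Password Does Not Expire" in flags and "Password Age" in rec:
        out.append("password unchanged for %d days" % (rec["Password Age"] // 86400))
    if "Last Logon" in rec:  # assumption: Unix timestamp, not a duration
        when = datetime.fromtimestamp(rec["Last Logon"], tz=timezone.utc)
        out.append("last logon " + when.strftime("%Y-%m-%d"))
    return out

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["description"], "->", triage(rec))
```
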
