NULL IPC$ Sessions

From: Josh Santomieri (marine@INREACH.COM)
Date: 01/23/02


Date:         Wed, 23 Jan 2002 12:37:37 -0800
From: Josh Santomieri <marine@INREACH.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


        Null IPC$ sessions are a simplistic thing that are very easily over looked
with the general configuration of Window NT/2000/XP computers. If your
server is not protected with a firewall or some other type of security and a
NULL IPC$ connection can be made any user can gather a great deal of
information from your server.
Here is an example of some information gathered from my server with an
application that I created:
\\10.10.0.253

Shares:
IPC$
        Remote IPC
ADMIN$
        Remote Admin
        Special Share
C$
        Default share
        Special Share

Groups:
None
        Ordinary users

Users:
Administrator
        Built-in account for administering the computer/domain
        Password Age: 9923869 Seconds
        Last Logon: 1011679505 Seconds
        Number of Logins: 154
        Normal Account | Password Does Not Expire
Guest
        Built-in account for guest access to the computer/domain
        Normal Account | Account Disabled | No Password Required | Cannot Change
Password | Password Does Not Expire
IUSR_JLSSRV
        Built-in account for anonymous access to Internet Information Services
        Password Age: 9923025 Seconds
        Internet Guest Account
        Last Logon: 1011758860 Seconds
        Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
IWAM_JLSSRV
        Built-in account for Internet Information Services to start out of process
applications
        Password Age: 9923062 Seconds
        Launch IIS Process Account
        Last Logon: 1011345494 Seconds
        Number of Logins: 28
        Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
TsInternetUser
        This user account is used by Terminal Services.
        Password Age: 49935 Seconds
        TsInternetUser
        Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire

The application used to receive this information is available for download
at:
        http://home.inreach.com/marine/program/NTSrvSleuth/NTSrvSleuth_10b.zip

Program recieves all Share, Group and User information on the server or
workstation.

All of this information is able to be gathered from any Windows NT/2000/XP
computer that can have a NULL IPC$ session connected to it.

Josh Santomieri
Owner
Santomieri Systems
marine@inreach.com
Fax: (509) 693-5573

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



Relevant Pages

  • Re: Trapped with Security
    ... Make certain that IPC$ is shared on the remote system and it should work. ... > I'm always remember to implement security for every new installed server, ... Whether using Security Configuration ...
    (microsoft.public.security)
  • Re: Ipc$ share hack
    ... OS, version, Active Directory or not, any security ... It's not to any hacker's advantage to turn off IPC$. ... playing with securing the server. ... > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
    (Security-Basics)
  • Re: anonymous logon
    ... It creates a "null" sessions to the target computer. ... you will see the ipc$ share if file and print sharing is enabled. ... >> security option in Local Security Policy for additional restrictions ... >> Baseline Security Analyzer on your server and the highly recommended ...
    (microsoft.public.win2000.security)
  • security-basics Digest of: get.123_145
    ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
    (Security-Basics)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz)