NULL IPC$ Sessions
From: Josh Santomieri (marine@INREACH.COM)Date: 01/23/02
- Previous message: Marc DeBonis: "New open source W2K security utility, Daisy v1.5"
- Next in thread: Michael Katz: "Re: NULL IPC$ Sessions"
- Reply: Michael Katz: "Re: NULL IPC$ Sessions"
- Reply: ThePsyko: "Re: NULL IPC$ Sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Jan 2002 12:37:37 -0800 From: Josh Santomieri <marine@INREACH.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Null IPC$ sessions are a simplistic thing that are very easily over looked
with the general configuration of Window NT/2000/XP computers. If your
server is not protected with a firewall or some other type of security and a
NULL IPC$ connection can be made any user can gather a great deal of
information from your server.
Here is an example of some information gathered from my server with an
application that I created:
\\10.10.0.253
Shares:
IPC$
Remote IPC
ADMIN$
Remote Admin
Special Share
C$
Default share
Special Share
Groups:
None
Ordinary users
Users:
Administrator
Built-in account for administering the computer/domain
Password Age: 9923869 Seconds
Last Logon: 1011679505 Seconds
Number of Logins: 154
Normal Account | Password Does Not Expire
Guest
Built-in account for guest access to the computer/domain
Normal Account | Account Disabled | No Password Required | Cannot Change
Password | Password Does Not Expire
IUSR_JLSSRV
Built-in account for anonymous access to Internet Information Services
Password Age: 9923025 Seconds
Internet Guest Account
Last Logon: 1011758860 Seconds
Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
IWAM_JLSSRV
Built-in account for Internet Information Services to start out of process
applications
Password Age: 9923062 Seconds
Launch IIS Process Account
Last Logon: 1011345494 Seconds
Number of Logins: 28
Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
TsInternetUser
This user account is used by Terminal Services.
Password Age: 49935 Seconds
TsInternetUser
Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
The application used to receive this information is available for download
at:
http://home.inreach.com/marine/program/NTSrvSleuth/NTSrvSleuth_10b.zip
Program recieves all Share, Group and User information on the server or
workstation.
All of this information is able to be gathered from any Windows NT/2000/XP
computer that can have a NULL IPC$ session connected to it.
Josh Santomieri
Owner
Santomieri Systems
marine@inreach.com
Fax: (509) 693-5573
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper
Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Marc DeBonis: "New open source W2K security utility, Daisy v1.5"
- Next in thread: Michael Katz: "Re: NULL IPC$ Sessions"
- Reply: Michael Katz: "Re: NULL IPC$ Sessions"
- Reply: ThePsyko: "Re: NULL IPC$ Sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
