NULL IPC$ Sessions

From: Josh Santomieri (marine@INREACH.COM)
Date: 01/23/02


Date:         Wed, 23 Jan 2002 12:37:37 -0800
From: Josh Santomieri <marine@INREACH.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


        Null IPC$ sessions are a simplistic thing that are very easily over looked
with the general configuration of Window NT/2000/XP computers. If your
server is not protected with a firewall or some other type of security and a
NULL IPC$ connection can be made any user can gather a great deal of
information from your server.
Here is an example of some information gathered from my server with an
application that I created:
\\10.10.0.253

Shares:
IPC$
        Remote IPC
ADMIN$
        Remote Admin
        Special Share
C$
        Default share
        Special Share

Groups:
None
        Ordinary users

Users:
Administrator
        Built-in account for administering the computer/domain
        Password Age: 9923869 Seconds
        Last Logon: 1011679505 Seconds
        Number of Logins: 154
        Normal Account | Password Does Not Expire
Guest
        Built-in account for guest access to the computer/domain
        Normal Account | Account Disabled | No Password Required | Cannot Change
Password | Password Does Not Expire
IUSR_JLSSRV
        Built-in account for anonymous access to Internet Information Services
        Password Age: 9923025 Seconds
        Internet Guest Account
        Last Logon: 1011758860 Seconds
        Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
IWAM_JLSSRV
        Built-in account for Internet Information Services to start out of process
applications
        Password Age: 9923062 Seconds
        Launch IIS Process Account
        Last Logon: 1011345494 Seconds
        Number of Logins: 28
        Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire
TsInternetUser
        This user account is used by Terminal Services.
        Password Age: 49935 Seconds
        TsInternetUser
        Normal Account | No Password Required | Cannot Change Password | Password
Does Not Expire

The application used to receive this information is available for download
at:
        http://home.inreach.com/marine/program/NTSrvSleuth/NTSrvSleuth_10b.zip

Program recieves all Share, Group and User information on the server or
workstation.

All of this information is able to be gathered from any Windows NT/2000/XP
computer that can have a NULL IPC$ session connected to it.

Josh Santomieri
Owner
Santomieri Systems
marine@inreach.com
Fax: (509) 693-5573

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo