Re: Using Null Session information from NAT.EXE

From: Oliver Karow (Oliver.Karow@gmx.de)
Date: 10/30/01


Message-ID: <000c01c1611a$541b16f0$5800000a@workstat>
From: "Oliver Karow" <Oliver.Karow@gmx.de>
To: "Ian Lyte" <ianlyte@hotmail.com>, <pen-test@securityfocus.com>
Subject: Re: Using Null Session information from NAT.EXE
Date: Tue, 30 Oct 2001 09:10:15 +0100

Hi,

Reading your mail on the fly... I would say you should try
net use with the following style "/USER:domainname\username" or
"/USER:hostname\username",
because it might be the old problem with the local admin vs. domain admin.

bye...

Oliver

----- Original Message -----
From: "Ian Lyte" <ianlyte@hotmail.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, October 30, 2001 5:39 PM
Subject: Using Null Session information from NAT.EXE

> Running NAT.EXE on a machine on my local network gives me the following results
> [obvious bits changed]
>
>
> [*]--- Reading usernames from user.txt
> [*]--- Reading passwords from bigpass.txt
>
> [*]--- Checking host: xxx.xxx.xxx.xxx
> [*]--- Obtaining list of remote NetBIOS names
>
> [*]--- Attempting to connect with name: *
> [*]--- Unable to connect
>
> [*]--- Attempting to connect with name: *SMBSERVER
> [*]--- CONNECTED with name: *SMBSERVER
> [*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
> [*]--- Server time is Tue Oct 30 14:30:36 2001
> [*]--- Timezone is UTC+0.0
> [*]--- Remote server wants us to encrypt, telling it not to
>
> [*]--- Attempting to connect with name: *SMBSERVER
> [*]--- CONNECTED with name: *SMBSERVER
> [*]--- Attempting to establish session
> [*]--- Was not able to establish session with no password
> [*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `0'
>
> <---SNIP--->
>
> [*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `password'
> [*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
>
> [*]--- Obtained server information:
>
> Server=[xxxxxxx] User=[] Workgroup=[xxxxxxx] Domain=[]
>
> [*]--- Attempting to access share: \\*SMBSERVER\
> [*]--- Unable to access
>
> [*]--- Attempting to access share: \\*SMBSERVER\ADMIN$
> [*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
> [*]--- Checking write access in: \\*SMBSERVER\ADMIN$
> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
> [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\ADMIN$
>
> [*]--- Attempting to access share: \\*SMBSERVER\C$
> [*]--- WARNING: Able to access share: \\*SMBSERVER\C$
> [*]--- Checking write access in: \\*SMBSERVER\C$
> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$
> [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\C$
>
> [*]--- Attempting to access share: \\*SMBSERVER\D$
> [*]--- WARNING: Able to access share: \\*SMBSERVER\D$
> [*]--- Checking write access in: \\*SMBSERVER\D$
> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\D$
> [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\D$
>
> [*]--- Attempting to access share: \\*SMBSERVER\ROOT
> [*]--- Unable to access
>
> [*]--- Attempting to access share: \\*SMBSERVER\WINNT$
> [*]--- Unable to access
>
>
> Now from here I thought it would just be a case of
>
> NET USE Z: xxx.xxx.xxx.xxx\c$ /user:administrator password
>
> to map the C$ to a local z:
>
> However every time I try that it gives me a
>
> System error 1326 has occurred.
> Logon Failure: unknown user name or bad password.
>
> Now I have gone to the machine and know that the user:pass combo is correct.
>
> So, what am I doing wrong? I've searched the archives to no avail and I
> notice on Google groups that a lot of people have asked the same question
> but not received an answer. So I am turning to you guys ;)
>
> Ian
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
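
Added example (not part of either post): a small parser that turns NAT output like the log quoted above into per-host findings for a report, tolerating the `>` quoting, wrapped lines and `<file://...>` link residue that mail archives introduce. The sample log and the names `normalize` and `findings` are constructed for illustration.

```python
import re

PREFIX = "[*]---"
AUTOLINK = re.compile(r"<file://[^>]*>")          # mail-client link residue
HOST = re.compile(r"Checking host: (\S+)")
CRED = re.compile(r"CONNECTED: Username: `([^']*)' Password: `[^']*'")
READ = re.compile(r"WARNING: Able to access share: (\S+)")
WRITE = re.compile(r"WARNING: Directory is writeable: (\S+)")

# Constructed sample (not from the post): quoted and wrapped the way a mail
# archive shows NAT output; 192.0.2.10 is a documentation address.
SAMPLE = r"""
> [*]--- Checking host: 192.0.2.10
> [*]--- CONNECTED: Username: `ADMINISTRATOR' Password:
> `password'
> [*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
> <file://\\*SMBSERVER\ADMIN$>
> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
> [*]--- Attempting to access share: \\*SMBSERVER\ROOT
> [*]--- Unable to access
> [*]--- WARNING: Able to access share: \\*SMBSERVER\C$
<file://\\*SMBSERVER\C$>
"""

def normalize(text):
    """Strip '>' quoting and link residue; rejoin wrapped log lines."""
    records, joinable = [], False
    for raw in text.splitlines():
        line = AUTOLINK.sub("", raw.lstrip("> ")).strip()
        if line.startswith(PREFIX):
            records.append(line[len(PREFIX):].strip())
            joinable = True
        elif line and joinable:
            records[-1] += " " + line      # continuation of a wrapped line
        else:
            joinable = False               # blank line ends any continuation
    return records

def findings(text):
    """Per host: accounts whose password was guessed, readable/writable shares."""
    report, cur = {}, None
    for rec in normalize(text):
        if m := HOST.search(rec):
            cur = report.setdefault(
                m.group(1), {"guessed_accounts": [], "readable": [], "writable": []})
        elif cur is not None:
            for key, rx in (("guessed_accounts", CRED), ("readable", READ), ("writable", WRITE)):
                if m := rx.search(rec):
                    cur[key].append(m.group(1))   # the password itself is never stored
    return report

if __name__ == "__main__":
    print(findings(SAMPLE))
```
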
