RE: Using Null Session information from NAT.EXE

From: Ian Lyte (ianlyte@hotmail.com)
Date: 10/31/01 

From: "Ian Lyte" <ianlyte@hotmail.com>
To: pen-test@securityfocus.com
Subject: RE: Using Null Session information from NAT.EXE
Date: Wed, 31 Oct 2001 10:07:10 
Message-ID: <F140NEcBjsjUTde3Ooy0001742b@hotmail.com>

Thanks to everyone who got back to me. Unfortunately no-one seems to have
hit upon the solution as yet.

On reviewing my post I realise (or more accurately - have had pointed out to
me!) that I did infact forget to put a \\ in font of the IP address i.e NET
USE * \\10.10.10.10\c$ ... . Sorry this was a typo.

Most of the replies I received centred around

NET USE * \\10.10.10.10\c$ password /user:domain_name\Administrator
and
NET USE * \\10.10.10.10\c$ password /user:computer_name\Administrator

Unfortunately these were unsuccesful as well.

And the computer_name is in the lmhosts file.

I did leave out some information on my original post that is probably very
relevant for which I do apologise if I have wasted anyone's time due to the
fact that is is now a blindingly obvious solution.

I'm trying to connect from an NT4 workstation, with non-admin privileges, to
a Windows 2000 box if this makes a difference.

Bikar Dude suggested getting hold of a modified smbclient to use instead of
NET - anybody have any suggestions as to where I may find one?

The big question is, for me anyway, since NAT.EXE has succesfully found the
Admin password it is obviously managing to connect to the other box somehow
and get authenticated. How is it that NAT can and I can't? Is this due to
NAT using its own modified SMBCLIENT and if so where can I get a copy of the
SMBCLIENT only?

Thanks again to all who replied.

Ian

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Wardialing
    ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)