Re: Using Null Session information from NAT.EXE

From: bs (bsshuhart@onemain.com)
Date: 11/01/01


Message-ID: <019a01c16270$50e79ce0$2f2a2940@bs>
From: "bs" <bsshuhart@onemain.com>
To: "Ian Lyte" <ianlyte@hotmail.com>, <pen-test@securityfocus.com>
Subject: Re: Using Null Session information from NAT.EXE
Date: Wed, 31 Oct 2001 19:58:23 -0500

I have run into similar situations while performing PenTests. Why this
occurs, I don't know, but try rebooting the system. I have run "net use
/delete *" to ensure all connections are dropped, but only the reboot
cleaned everything up. Not sure why, but sometimes after running an
automated tool something gets hosed. A simple reboot after the scan and
then connect on first try.

Also, it looks like you have the command line sequence correct now, but if
it still doesn't connect correctly, try the GUI with NT Explorer.

----- Original Message -----
From: "Ian Lyte" <ianlyte@hotmail.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, October 31, 2001 10:07 AM
Subject: RE: Using Null Session information from NAT.EXE

> Thanks to everyone who got back to me. Unfortunately no-one seems to have
> hit upon the solution as yet.
>
> On reviewing my post I realise (or more accurately - have had pointed out to
> me!) that I did in fact forget to put a \\ in front of the IP address, i.e.
> NET USE * \\10.10.10.10\c$ ... . Sorry this was a typo.
>
> Most of the replies I received centred around
>
> NET USE * \\10.10.10.10\c$ password /user:domain_name\Administrator
> and
> NET USE * \\10.10.10.10\c$ password /user:computer_name\Administrator
>
>
> Unfortunately these were unsuccessful as well.
>
> And the computer_name is in the lmhosts file.
>
> I did leave out some information on my original post that is probably very
> relevant for which I do apologise if I have wasted anyone's time due to the
> fact that it is now a blindingly obvious solution.
>
> I'm trying to connect from an NT4 workstation, with non-admin privileges, to
> a Windows 2000 box if this makes a difference.
>
> Bikar Dude suggested getting hold of a modified smbclient to use instead of
> NET - anybody have any suggestions as to where I may find one?
>
> The big question is, for me anyway, since NAT.EXE has successfully found the
> Admin password it is obviously managing to connect to the other box somehow
> and get authenticated. How is it that NAT can and I can't? Is this due to
> NAT using its own modified SMBCLIENT and if so where can I get a copy of the
> SMBCLIENT only?
>
> Thanks again to all who replied.
>
> Ian
>
> --------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
