Re: Null Session
From: H D Moore (sflist_at_digitaloffense.net)
Date: 03/07/05
- Previous message: Matthew Caston: "Re: Testing large networks"
- In reply to: Wbsony: "Null Session"
- Next in thread: Isidro Labrador: "Avoiding Postfix Fingerprinting"
- Reply: Isidro Labrador: "Avoiding Postfix Fingerprinting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pen-test@securityfocus.com Date: Mon, 7 Mar 2005 15:04:33 -0600
Windows XP and 2003 will map an invalid login to an anonymous session. You
can tell whether your authentication is a real or anonymous one by
checking the "Action" flag in the response to your SessionSetup request.
For some goofy reason, Windows XP will deny "null" authentication, but
allow null sessions with an invalid username. The server will accept
connections to the remote registry service and the ADMIN$ share, but you
will not have access to view or modify the contents in a default
configuration.
-HD
On Sunday 06 March 2005 06:54, Wbsony wrote:
> Anybody encountered this situation before and could enlighten me?
- Previous message: Matthew Caston: "Re: Testing large networks"
- In reply to: Wbsony: "Null Session"
- Next in thread: Isidro Labrador: "Avoiding Postfix Fingerprinting"
- Reply: Isidro Labrador: "Avoiding Postfix Fingerprinting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
