Source: Native NT command
Client OS: Windows NT
Target OS: Windows NT
Description: A null connection uses NET USE to connect to the default IPC$ (inter-process communication) share on a Windows NT system with no user name or password. By making this anonymous connection, you can gather user, group, policy, and registry information about the target host. The null session is a major tool for Windows NT testing. Many of the tools described below require a null session in order to work properly.
Use: A null connection requires access to TCP port 139 on the target server to be successful. To perform the null connection, use the following syntax:
C:\>net use \\servername\ipc$ "" /user:""
The system should return the message, "The command completed successfully." The empty quoted string supplies a blank password and /user:"" supplies a blank user name; the stray space that sometimes appears between /user: and the quotes in reprinted versions of this command will cause it to fail. If a long NetBIOS name does not resolve, use the IP address in place of the server name. Once this connection has been established, you can use DumpSec or other tools to enumerate host information.
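The following batch script is an added example and is not part of the original page or of any tool it describes. It wraps the NET USE command above so that the null session is established against a supplied host name or IP address, its success is checked through ERRORLEVEL, and the session is always deleted afterwards (the clean-up that the Con paragraph at the end of this entry warns about). It assumes cmd.exe with net.exe on the path and takes the target as its only argument; nothing about the target is hard-coded.

```batch
@echo off
rem nullsess.cmd -- added example, not from the original page.
rem Opens a null session to the IPC$ share on %1 (NetBIOS name or IP address),
rem reports whether it worked, waits while you run your enumeration tools, and
rem always deletes the session afterwards so it cannot interfere with later tests.
rem Assumes cmd.exe with net.exe available; the target is the argument you supply.

if "%1"=="" goto usage
set TARGET=%1

rem Empty password ("") and empty user name (/user:"") make the connection anonymous.
net use \\%TARGET%\ipc$ "" /user:"" >nul 2>&1
if errorlevel 1 goto failed
echo [+] Null session to \\%TARGET%\ipc$ established.
echo     Run DumpSec or other enumeration tools against %TARGET% now.
pause

rem Tear the session down whether or not enumeration succeeded.
net use \\%TARGET%\ipc$ /delete >nul 2>&1
echo [*] Null session to \\%TARGET% removed. Remaining connections:
net use
goto end

:failed
echo [-] Null session to \\%TARGET% failed.
echo     Check that TCP port 139 is reachable, try the IP address in place of a
echo     long NetBIOS name, or assume RestrictAnonymous is set on the target.
goto end

:usage
echo Usage: nullsess.cmd ^<servername-or-ip^>

:end
```

Run it as `nullsess.cmd 10.0.0.5` (a constructed address) from the testing workstation. The trailing `net use` listing lets you confirm that no connection to the target is left behind; a leftover anonymous connection is what causes the "multiple connections ... are not allowed" error when you later try to connect to the same server with real credentials.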
There is a countermeasure to the null connection. By setting the RestrictAnonymous registry value, you can limit the amount of information an attacker can obtain from a null connection. Note that the null session itself can still be established when RestrictAnonymous is set to 1; the setting restricts what the anonymous connection is allowed to enumerate, not whether it can connect. To set the RestrictAnonymous value, follow the steps below.
From the Start menu, select Run.
Type regedt32.exe and click OK. This opens the Registry Editor.
Navigate to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA key and add a value named RestrictAnonymous of type REG_DWORD.
Set its data to 1.
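The same change can be made from a command prompt, which is easier to script across many hosts and to verify afterwards. The batch script below is an added example, not from the original page. It assumes the reg.exe syntax of Windows 2000 and later (the Windows NT 4 Resource Kit ships an older reg.exe with a different command line) and that it is run as a local Administrator on the host being hardened.

```batch
@echo off
rem restrictanon.cmd -- added example, not from the original page.
rem Sets RestrictAnonymous=1 under the LSA key from the command line instead of
rem clicking through regedt32, then reads the value back to confirm the change.
rem Assumes reg.exe with the Windows 2000-and-later syntax and a local
rem Administrator account; the NT 4 Resource Kit reg.exe uses a different syntax.

set LSAKEY=HKLM\SYSTEM\CurrentControlSet\Control\Lsa

rem /t REG_DWORD /d 1 creates the value if it is missing; /f overwrites it if present.
reg add %LSAKEY% /v RestrictAnonymous /t REG_DWORD /d 1 /f
if errorlevel 1 goto failed

rem Confirm the value now exists and reads back as 0x1.
reg query %LSAKEY% /v RestrictAnonymous
goto end

:failed
echo [-] Could not write RestrictAnonymous. Are you running as Administrator?

:end
```

After applying it, repeat the null-session test from another host: the connection will still succeed, but the user, group and policy enumeration that DumpSec and similar tools perform over it should now return far less.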
Benefit: Null connections enable you to gather user, group, policy, and registry information about the target system without any credentials.
Con: You need to remember to delete your null connections when you are done with them, or they can interfere with other tests; in particular, a later attempt to connect to the same server with real credentials will fail because Windows does not allow a second connection to the same server under a different user name.