Bugtraq mailing list archives
Re: name of built-in administrator
From: Vic.Anderson () ITLS COM (Vic Anderson)
Date: Tue, 28 Apr 1998 14:10:32 -0400
This was supposedly fixed in Service Pack 3; check out the release notes for Service Pack 3. Also check out KB article Q143474 concerning limiting NULL session connections.

-----Original Message-----
From: David LeBlanc [mailto:dleblanc () MINDSPRING COM]
Sent: Tuesday, April 28, 1998 1:12 PM
To: BUGTRAQ () NETSPACE ORG
Subject: Re: name of built-in administrator

At 10:21 AM 4/28/98 +0400, Evgenii Borisovich Rudnyi wrote in NTBUGTRAQ:

> While learning what SID is, I have written two utilities, user2sid and
> sid2user, which are actually command line interfaces to WIN32 functions,
> LookupAccountName and LookupAccountSid. So, no hacking, just what is
> permitted by MS.

[which allows users to be extracted]

This is documented (to some extent) in a knowledge base article. I wrote an app which grabs all the users (and accounts for why the ISS NT scanner 5.0 always gets the admin user, no matter what), and advised Microsoft that I thought this was something that should be fixed.

At this time, there is no fix for this, except to filter connections to port 139. I've tried a couple of things I thought would fix it, but found that it caused severe problems. So, at the moment, if you can get a null session, you can dump all the users, groups, and machine accounts. You can also cause some other problems, but they are a little arcane, and MS has been advised (I only found it this morning, trying to make a fix for this). There isn't anything you can do to stop the other problems, except filter 139, so...

IMHO, we should be able to control whether or not NT accepts null sessions. It is possible they are doing something about this in SP4 - they didn't tell me whether, how or when they planned to fix it.

David LeBlanc
dleblanc () mindspring com