Penetration Testing mailing list archives
Re: Using Null Session information from NAT.EXE
From: "Oliver Karow" <Oliver.Karow () gmx de>
Date: Tue, 30 Oct 2001 09:10:15 +0100
Hi, reading your mail on the fly.... i would say you should try net use with the following style "/USER:domainname\username" or "/USER:hostname\username" because it might be the old problem with the local admin vs domain admin bye... Oliver ----- Original Message ----- From: "Ian Lyte" <ianlyte () hotmail com> To: <pen-test () securityfocus com> Sent: Tuesday, October 30, 2001 5:39 PM Subject: Using Null Session information from NAT.EXE
Running NAT.EXE on a machine my local network gives me the following
results
[obvious bits changed] [*]--- Reading usernames from user.txt [*]--- Reading passwords from bigpass.txt [*]--- Checking host: xxx.xxx.xxx.xxx [*]--- Obtaining list of remote NetBIOS names [*]--- Attempting to connect with name: * [*]--- Unable to connect [*]--- Attempting to connect with name: *SMBSERVER [*]--- CONNECTED with name: *SMBSERVER [*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03 [*]--- Server time is Tue Oct 30 14:30:36 2001 [*]--- Timezone is UTC+0.0 [*]--- Remote server wants us to encrypt, telling it not to [*]--- Attempting to connect with name: *SMBSERVER [*]--- CONNECTED with name: *SMBSERVER [*]--- Attempting to establish session [*]--- Was not able to establish session with no password [*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `0' <---SNIP---> [*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `password' [*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password' [*]--- Obtained server information: Server=[xxxxxxx] User=[] Workgroup=[xxxxxxx] Domain=[] [*]--- Attempting to access share: \\*SMBSERVER\ <file://\\*SMBSERVER\> [*]--- Unable to access [*]--- Attempting to access share: \\*SMBSERVER\ADMIN$ <file://\\*SMBSERVER\ADMIN$> [*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$ <file://\\*SMBSERVER\ADMIN$> [*]--- Checking write access in: \\*SMBSERVER\ADMIN$ <file://\\*SMBSERVER\ADMIN$> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$ <file://\\*SMBSERVER\ADMIN$> [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\ADMIN$ <file://\\*SMBSERVER\ADMIN$> [*]--- Attempting to access share: \\*SMBSERVER\C$
<file://\\*SMBSERVER\C$>
[*]--- WARNING: Able to access share: \\*SMBSERVER\C$ <file://\\*SMBSERVER\C$> [*]--- Checking write access in: \\*SMBSERVER\C$ <file://\\*SMBSERVER\C$> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$ <file://\\*SMBSERVER\C$> [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\C$ <file://\\*SMBSERVER\C$> [*]--- Attempting to access share: \\*SMBSERVER\D$
<file://\\*SMBSERVER\D$>
[*]--- WARNING: Able to access share: \\*SMBSERVER\D$ <file://\\*SMBSERVER\D$> [*]--- Checking write access in: \\*SMBSERVER\D$ <file://\\*SMBSERVER\D$> [*]--- WARNING: Directory is writeable: \\*SMBSERVER\D$ <file://\\*SMBSERVER\D$> [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\D$ <file://\\*SMBSERVER\D$> [*]--- Attempting to access share: \\*SMBSERVER\ROOT <file://\\*SMBSERVER\ROOT> [*]--- Unable to access [*]--- Attempting to access share: \\*SMBSERVER\WINNT$ <file://\\*SMBSERVER\WINNT$> [*]--- Unable to access Now from here I thought it would just be a case of NET USE Z: xxx.xxx.xxx.xxx\c$ /user:administrator password to map the C$ to a local z: However every time I try that it gives me a System error 1326 has occurred. Logon Failure: unknown user name or bad password. Now I have gone to the machine and know that the user:pass combo is
correct.
So, what am I doing wrong? I've searched the archives to no avail and I notice on Google groups that a lot of people have asked the same question but not received an answer. So I am turning to you guys ;) Ian _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Using Null Session information from NAT.EXE Ian Lyte (Oct 30)
- Re: Using Null Session information from NAT.EXE Oliver Karow (Oct 30)
- Re: Using Null Session information from NAT.EXE Tom Fischer (Oct 30)
- Re: Using Null Session information from NAT.EXE Bikar Dude (Oct 30)
- <Possible follow-ups>
- RE: Using Null Session information from NAT.EXE Herman Sheremetyev (Oct 30)
- Re: Using Null Session information from NAT.EXE Mike Brentlinger (Oct 30)
- RE: Using Null Session information from NAT.EXE Ian Lyte (Oct 31)
- RE: Using Null Session information from NAT.EXE crazytrain.com (Oct 31)