Penetration Testing mailing list archives
Re: Null Session
From: H D Moore <sflist () digitaloffense net>
Date: Mon, 7 Mar 2005 15:04:33 -0600
Windows XP and 2003 will map an invalid login to an anonymous session. You can tell whether your authentication is a real or anonymous one by checking the "Action" flag in the response to your SessionSetup request. For some goofy reason, Windows XP will deny "null" authentication, but allow null sessions with an invalid username. The server will accept connections to the remote registry service and the ADMIN$ share, but you will not have access to view or modify the contents in a default configuration. -HD On Sunday 06 March 2005 06:54, Wbsony wrote:
Anybody encountered this situation before and could enlighten me?
Current thread:
- Null Session Wbsony (Mar 07)
- Re: Null Session H D Moore (Mar 07)
- Avoiding Postfix Fingerprinting Isidro Labrador (Mar 08)
- Re: Avoiding Postfix Fingerprinting Joachim Schipper (Mar 08)
- Re: Avoiding Postfix Fingerprinting Javier Fernandez-Sanguino (Mar 09)
- Re: Avoiding Postfix Fingerprinting Olivier Fauchon (Mar 09)
- Re: Avoiding Postfix Fingerprinting Michel Arboi (Mar 10)
- Re: Avoiding Postfix Fingerprinting Michel Arboi (Mar 10)
- Avoiding Postfix Fingerprinting Isidro Labrador (Mar 08)
- Re: Null Session H D Moore (Mar 07)