Penetration Testing mailing list archives
RE: 2 in 1: Vmware Limitations / Null Sessions
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 9 Feb 2006 16:35:27 -0500
-----Original Message-----
Subject: 2 in 1: Vmware Limitations / Null Sessions
1) Vmware-related: When running an image of an OS on Windows XP SP2, does it suffer from the limitations of the Host OS? I.e.:
- Am I anonymous when running Anonym.OS's image on VMWare on Win XP SP2?
- Do I have raw sockets problems when scanning off a Linux image again on VMWare Win XP?
As far as being 'anonymous' on a network, I don't buy it. There are still plenty of ways of discovering and analyzing a machine running Anonym.OS. Also, no, your XP interfaces will still show up as XP on the local network. It will look like two machines to the untrained eye - one running XP on the native Windows interface, the other running Anonym.OS on the VMnic0 interface. However, anybody with access to the switch you're on will be able to tell that it's really one device. As far as raw socket access through VMWare on XP, it should work just fine. Specifically, XP SP2 will not prevent a VM OS from using raw sockets. I suppose you could run into compatibility issues along the way, but generally speaking it works.
2) Null Sessions-related: Bit of history for those of you unfamiliar. Null sessions have been enabled by default in pre-XP SP1 systems; to disable you have to make a small registry change. In XP SP2 and Windows Server 2003 they are disabled by default, with the EXCEPTION of domain controllers. The real question is:
- Would disabling null sessions in a domain controller cause functionality problems?
- If it doesn't cause problems, how do I disable them? Is it the same ol' 'RestrictAnonymous==1'??
As to whether or not this will break stuff, it probably won't, but that all depends on what your clients are used to. If all clients are members of the AD domain, you shouldn't notice any difference. If your clients are in 'workgroup mode' or you regularly provide access to machines that belong to other AD domains, then you may experience problems. As far as disabling it, yes, RestrictAnonymous, or Local/Group Security Policy (it's all the same). Note that starting in 2000 there is also a '2' value that not only prevents anonymous enumeration of accounts and shares, it essentially prevents any anonymous access at all. If all concerned are members of the same AD domain, this is the recommended setting. 1 is really there for backward compatibility to NT4 domains and clients.
PaulM
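An audit sketch for the RestrictAnonymous values discussed in the reply above, added here as an example and not part of the original post. It parses `reg query` output for `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` collected per host; the host names and sample outputs are constructed, and treating an absent value as 0 is an assumption.

```python
import re

# Meanings of each value as described in the reply above.
MEANING = {
    0: "null sessions allowed; anonymous enumeration of accounts and shares possible",
    1: "anonymous enumeration of accounts and shares blocked (NT4 compatibility)",
    2: "no anonymous access at all (recommended when all hosts share one AD domain)",
}

# Requires whitespace after the name, so RestrictAnonymousSAM is not matched.
VALUE_RE = re.compile(
    r"^[ \t]+RestrictAnonymous[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t]*$", re.M)

def parse_restrict_anonymous(reg_output):
    """Return the DWORD as an int, or None when the value is not in the output."""
    m = VALUE_RE.search(reg_output)
    return int(m.group(1), 16) if m else None

def audit(host_outputs, single_domain=True):
    """Map host -> (effective value, finding) for collected reg query output."""
    findings = {}
    for host, out in host_outputs.items():
        raw = parse_restrict_anonymous(out)
        value = 0 if raw is None else raw  # assumption: absent behaves like 0
        if value not in MEANING:
            findings[host] = (value, "unexpected value, review manually")
        elif value == 2 or (value == 1 and not single_domain):
            findings[host] = (value, "ok: " + MEANING[value])
        else:
            findings[host] = (value, "review: " + MEANING[value])
    return findings

KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
# Constructed sample outputs, keyed by hypothetical host name.
SAMPLE = {
    "dc01": KEY + "    RestrictAnonymous    REG_DWORD    0x0\n",
    "srv02": KEY + "    RestrictAnonymousSAM    REG_DWORD    0x1\n"
                   "    RestrictAnonymous    REG_DWORD    0x2\n",
    "ws03": KEY + "    RestrictAnonymous    REG_DWORD    0x1\n",
    "old04": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    for host, (value, finding) in sorted(audit(SAMPLE).items()):
        print(f"{host}: RestrictAnonymous={value} -> {finding}")
```

Pass `single_domain=False` for environments with workgroup clients or trusts to other AD domains, where the reply notes that stricter settings may cause problems and 1 is the compatibility value.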
Current thread:
- 2 in 1: Vmware Limitations / Null Sessions pascal . cretain (Feb 09)
- RE: 2 in 1: Vmware Limitations / Null Sessions Paul Melson (Feb 09)