RE: NetBIOS Null Sessions

["Ward, Jon" <Jon_Ward () syntelinc com>]

It's been a long time since I've dealt with null sessions, but perhaps these articles could be of some help.

http://support.microsoft.com/kb/289655
http://support.bigfix.com/bes/misc/null_session_share.html

-jon



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Balaji Vasanth
Sent: Monday, April 11, 2011 12:15 AM
To: pen-test () securityfocus com
Subject: NetBIOS Null Sessions

Hi all,

I have just stepped into the field of Network Penetration Testing and was trying to play with the popular null 
sessions. I enabled the null sessions on a Win XP (running in VM) as below:

Local Security policy:
Network Access: Do not allow anonymous enumeration of SAM accounts: Disabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares:Disabled

HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=0
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=0

net use \\1.2.3.4\ipc$ "" /u:"" is a success. But when i execute "net view \\1.2.3.4" there is a "System error 5 has 
occurred.Access is denied" error message. Googling for the same hasn't turned out the expected results on how to 
correct this. Do i need to configure any additional settings in the Win XP machine to completely allow null sessions? 
Firewall is turned off by the way.

Thanks in advance

Regards
Balaji



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------