HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 68 guests and 2 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Null sessions
EH-Net
May 24, 2012, 05:59:43 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Null sessions  (Read 2775 times)
0 Members and 2 Guests are viewing this topic.
Hack_80
Jr. Member
**
Offline Offline

Posts: 59


Black buck


View Profile
« on: June 19, 2008, 03:57:40 AM »
Hi,
 I m using windows 2k machines and while scaning through ISS scanner i found vulnerability for Null sessions. I disabled the features for null session thru registry

[HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous:Reg_Dwor
d:0x1]
still the vulnerability is detected for the same.
Kindly help for solutions


thankx
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1830


View Profile WWW
« Reply #1 on: June 19, 2008, 10:36:31 AM »
Have you tried actually creating a null session with the machine? It very well could just be a false-positive from you vulnerability scanner.

BillV
Logged
phn1x
Newbie
*
Offline Offline

Posts: 26


View Profile
« Reply #2 on: June 19, 2008, 11:40:24 AM »
It's not necessarily a false positive, it's just a lack of understanding of named pipes.


Windows 2000 Null session restrictions has 3 values.

Value 0. No restrictions
Value 1. Prevent direct enumeration of accounts and groups using the samr named pipe.

But... There are 6 hardcoded named pipes in win2k

Value 2. Prevent Null sessions (anonymous connections to the IPC$)

So, To solve your problem change the registry value to 2, and re scan! Your problem should go away
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.114 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.