Topic: Need help with NULL User Session IPC$  (Read 4523 times)
blueaxis
« on: September 16, 2011, 11:11:26 AM »

Using PsExec I was able to access the NULL user session IPC$ share on a remote lab machine. I was able to confirm that by looking at netstat "established" connections. However I couldn't continue further because I keep getting Access Denied errors. Does it mean it can't be assessed further?
hell_razor
« Reply #1 on: September 16, 2011, 12:35:27 PM »

It means it was patched such that null user sessions have very limited rights.  You should look for other methods of penetration.

A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
blueaxis
« Reply #2 on: September 16, 2011, 12:46:56 PM »

Thanks for the clarification. Can you throw some ideas on those other methods?
This is an XP client machine so it doesn't run any services like web, FTP, email etc.
cd1zz
« Reply #3 on: September 16, 2011, 02:36:58 PM »

What ports are responding?

hayabusa
« Reply #4 on: September 16, 2011, 03:26:15 PM »

As cd1zz said, it's either seeing what services respond and exploiting those, or a client-side attack, if you manage to take advantage of someone who uses it.

(But targeting a client-side against a remote lab machine might be difficult, as you probably have NO idea what the person is doing...)

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
blueaxis
« Reply #5 on: September 16, 2011, 03:53:55 PM »

Thanks for the replies.

I haven't fully nmapped the system, so I don't know what ports are open. I always had this question: even if I know what ports are open, how do I start communicating with them? Except for a few common ports like FTP, SSH, HTTP etc., because there is info available on how to interact with them.

I could not find a comprehensive list of how to banner grab port 445, 500, or something in those ranges. Do you know any resources or pointers by chance?

cd1zz
« Reply #6 on: September 16, 2011, 04:03:57 PM »

Depends on the service, but for 445 look at the auxiliary SMB modules in Metasploit. Or start searching for SMB enumeration tools; there are a few in BackTrack. Which direction you go from there depends on the information you find.

blueaxis
« Reply #7 on: September 16, 2011, 04:15:58 PM »

Do RFCs provide a good reference point?
cd1zz
« Reply #8 on: September 16, 2011, 06:45:39 PM »

If you're just trying to banner grab SMB, then you don't have to reference any RFCs because the tools are already built for you. The only time I reference an RFC is if I'm trying to fuzz a protocol or if I'm troubleshooting a problem with something and I need to know what I'm looking at in a packet... or if I just want to understand how it works.