Anyways, I have an unpatched XP with no service pack running as a virtual machine and another running XPsp3 where I test from.
I didnt have an any trouble setting up a null session as it told me it was set up successfully. However, it did take some work to get user2sid to work remotely...it always told me the user did not exist, even though the previous step set up the null session and ports 137 and 445 were both open. It did seem to work once I put both machines in the same workgroup.
However, I then tried dumpsec to get an enumerated list, but I haven't been able to get that to work. I set up the null session as before and can use the net use command and user2sid remotely, but after connecting to the same machine in dumpsec it fails to retrieve a list of users...am i doing something wrong? Is dumpsec broken for XP? I tried to find some other enum tools that were mentioned in my book, but I cant even find any to download. The one enum.exe download i found was corrupted, tried searching for 4getacct as mentioned in my book, but the only thing pulled up by google wwas references to the chapter from the book I'm reading.
I also checked the registry settings, which were still the defaults. Restrictanom was set to 0 and restrictanomsam was set to 1. Tried changing this to 0 as well to see if that would fix the issue with dumpsec but still no luck...
So...anyone have any ideas? Is it worth the trouble to even try to get this to work? Can i still use this in real life or just need to know the idea for the CEH?