
Need help with NULL User Session IPC$


blueaxis

Newbie

Posts: 44

Joined: Fri Sep 09, 2011 9:20 am

Post Fri Sep 16, 2011 11:11 am

Need help with NULL User Session IPC$

Using PsExec I was able to access the NULL user session IPC$ share on a remote lab machine. I was able to confirm that by looking at netstat "established" connections. However I couldn't continue further because I keep getting Access Denied errors. Does it mean it can't be assessed further?

hell_razor

Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Fri Sep 16, 2011 12:35 pm

Re: Need help with NULL User Session IPC$

It means it was patched such that null user sessions have very limited rights. You should look for other methods of penetration.
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
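
On Windows, the limits on null sessions are set by registry values under `Control\Lsa` and `Services\LanmanServer\Parameters`. As an added example (not part of the original thread), this defender-side check parses a `reg query` export of those two keys and lists the settings that leave anonymous sessions more than minimal rights; the sample export and the handling of missing values are assumptions.

```python
import re

# Constructed sample in the layout `reg query` prints for the two keys that
# govern anonymous SMB access; it is not output from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x1
    NullSessionPipes    REG_MULTI_SZ    browser\0spoolss
    NullSessionShares    REG_MULTI_SZ
"""

def parse_reg_query(text):
    """Return {lower-cased value name: int (DWORD) or list of str (MULTI_SZ)}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+(REG_DWORD|REG_MULTI_SZ)\s*(.*)$", line)
        if not m:
            continue  # key path lines and blank lines carry no value
        name, kind, data = m.group(1).lower(), m.group(2), m.group(3).strip()
        if kind == "REG_DWORD":
            values[name] = int(data, 16)
        else:
            values[name] = [s for s in data.split(r"\0") if s]
    return values

def audit(values):
    """List the settings that leave a null session more than minimal rights.
    Assumption: a value missing from the export is treated as its permissive
    setting, except RestrictNullSessAccess, which is treated as enabled."""
    findings = []
    if values.get("restrictanonymous", 0) == 0:
        findings.append("RestrictAnonymous=0: anonymous enumeration of accounts and shares is not blocked")
    if values.get("restrictanonymoussam", 0) == 0:
        findings.append("RestrictAnonymousSAM=0: anonymous enumeration of SAM accounts is not blocked")
    if values.get("everyoneincludesanonymous", 0) != 0:
        findings.append("EveryoneIncludesAnonymous=1: Everyone permissions apply to anonymous users")
    if values.get("restrictnullsessaccess", 1) == 0:
        findings.append("RestrictNullSessAccess=0: null sessions are not limited to the listed pipes and shares")
    for key in ("nullsessionpipes", "nullsessionshares"):
        for item in values.get(key, []):
            findings.append(f"{key}: '{item}' is open to null sessions")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reg_query(SAMPLE)):
        print(finding)
```
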

blueaxis

Newbie

Posts: 44

Joined: Fri Sep 09, 2011 9:20 am

Post Fri Sep 16, 2011 12:46 pm

Re: Need help with NULL User Session IPC$

Thanks for the clarification. Can you throw some ideas on those other methods?
This is an XP client machine, so it doesn't run any services like web, FTP, email, etc.

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Sep 16, 2011 2:36 pm

Re: Need help with NULL User Session IPC$

What ports are responding?

hayabusa

Hero Member

Posts: 1702

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Sep 16, 2011 3:26 pm

Re: Need help with NULL User Session IPC$

As cd1zz said, it's either seeing what services respond and exploiting those, or client-side attack, if you manage to take advantage of someone who uses it. 

(But targeting a client-side against a remote lab machine might be difficult, as you probably have NO idea what the person is doing...)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP, GPEN, C|EH

blueaxis

Newbie

Posts: 44

Joined: Fri Sep 09, 2011 9:20 am

Post Fri Sep 16, 2011 3:53 pm

Re: Need help with NULL User Session IPC$

Thanks for the replies.

I haven't fully nmapped the system, so I don't know what ports are open. I always had this question: even if I know what ports are open, how do I start communicating with them? Except for a few common ports like FTP, SSH, HTTP, etc., because there is info available on how to interact with them.

I could not find a comprehensive list of how to banner grab a port like 445, 500, or something in those ranges. Do you know any resources or pointers by chance?

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Sep 16, 2011 4:03 pm

Re: Need help with NULL User Session IPC$

Depends on the service, but for 445 look at the auxiliary SMB modules in Metasploit. Or start searching for SMB enumeration tools; there are a few in BackTrack. Which direction you go from there depends on the information you find.

blueaxis

Newbie

Posts: 44

Joined: Fri Sep 09, 2011 9:20 am

Post Fri Sep 16, 2011 4:15 pm

Re: Need help with NULL User Session IPC$

Do RFCs provide a good reference point?

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Sep 16, 2011 6:45 pm

Re: Need help with NULL User Session IPC$

If you're just trying to banner grab SMB, then you don't have to reference any RFCs because the tools are already built for you. The only time I reference an RFC is if I'm trying to fuzz a protocol or if I'm troubleshooting a problem with something and I need to know what I'm looking at in a packet... or if I just want to understand how it works.
