From: Paul Asadoorian (paul@pauldotcom.com)
Date: Tue Sep 26 2006 - 12:29:38 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi David,
I never found a truly reliable way to test for null sessions from Linux.
You could try using "smbclient" (part of Samba):
$ smbclient -I 192.168.1.31 -L MONKEY -N -U ""
Domain=[FOO] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Domain=[FOO] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
--------- -------
Workgroup Master
--------- -------
If the host was vulnerable you would see the share information, instead
you see "NT_STATUS_ACCESS_DENIED". As I stated before, I don't know how
accurate this method will, but I supposed you could script it in
conjunction with "nbtscan" [1] and find out really quick :)
I found that hunt was the most reliable tool for identifying null
sessions[2].
Paul
[1] http://www.unixwiz.net/tools/nbtscan.html
[2] http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html
David Huemer wrote:
> Hi!
>
> Does anyone know some good Linux tools for enumerating NULL sessions?
- --
Paul Asadoorian
Email: paul@pauldotcom.com
Web: http://pauldotcom.com
IRC: #pauldotcom | irc.freenode.net
# rm -fr *clothing* ; ./hack.sh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFGVVxEVNhUUh/4JQRAucBAJ9J6XwpGDIkGAOLy+DX49fy+85m3gCfTBkb
/6wflQj4ivLOCRrOjYjTtnI=
=m0rj
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:01 EDT