From: H D Moore (sflist@digitaloffense.net)
Date: Mon Mar 07 2005 - 16:04:33 EST
Windows XP and 2003 will map an invalid login to an anonymous session. You
can tell whether your authentication is a real or anonymous one by
checking the "Action" flag in the response to your SessionSetup request.
For some goofy reason, Windows XP will deny "null" authentication, but
allow null sessions with an invalid username. The server will accept
connections to the remote registry service and the ADMIN$ share, but you
will not have access to view or modify the contents in a default
configuration.
-HD
On Sunday 06 March 2005 06:54, Wbsony wrote:
> Anybody encountered this situation before and could enlighten me?
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT