Security Incidents mailing list archives
Re: Strange Folder
From: Midkaemia <midkaemia () midkaemia fsnet co uk>
Date: Sun, 6 Oct 2002 22:45:58 +0100
Another possibility is that they have exploited the default "null sessions" vulnerability of a netbios enabled windows machine. They don't have to be a domain user, they just connect as follows.. net use * \\<target>\<any admin share> /user:"" "" admin shares can be... ipc$ c$ <any other drive>$ admin$ They can also connect to any public share with no security set. This way they connect with a blank username and a blank password. A single registry key fixes some of the associated problems. See the following link for a discussion of some of the nitty gritty. http://cert.uni-stuttgart.de/archive/focus-ms/2002/03/msg00088.html Cheers Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Strange Folder discipulus (Oct 05)
- Re: Strange Folder Nick Jacobsen (Oct 06)
- Message not available
- Re: Strange Folder discipulus (Oct 06)
- Re: Strange Folder Midkaemia (Oct 06)
- Re: Strange Folder discipulus (Oct 07)
- Message not available
- Re: Strange Folder Nick Jacobsen (Oct 06)
- <Possible follow-ups>
- Re: Strange Folder discipulus (Oct 06)
- Re: Strange Folder Neil Dickey (Oct 06)
- Re: Strange Folder discipulus (Oct 06)
- Forensics CD (was: Re: Strange Folder Meritt James (Oct 07)
- Re: Forensics CD (was: Re: Strange Folder Chet Uber (Oct 08)
- Re: Forensics CD (was: Re: Strange Folder Ryan McBride (Oct 08)