Penetration Testing mailing list archives
RE: Using Null Session information from NAT.EXE
From: "Ian Lyte" <ianlyte () hotmail com>
Date: Wed, 31 Oct 2001 10:07:10
Thanks to everyone who got back to me. Unfortunately no-one seems to have hit upon the solution as yet.
On reviewing my post I realise (or more accurately - have had pointed out to me!) that I did infact forget to put a \\ in font of the IP address i.e NET USE * \\10.10.10.10\c$ ... . Sorry this was a typo.
Most of the replies I received centred around NET USE * \\10.10.10.10\c$ password /user:domain_name\Administrator and NET USE * \\10.10.10.10\c$ password /user:computer_name\Administrator Unfortunately these were unsuccesful as well. And the computer_name is in the lmhosts file.I did leave out some information on my original post that is probably very relevant for which I do apologise if I have wasted anyone's time due to the fact that is is now a blindingly obvious solution.
I'm trying to connect from an NT4 workstation, with non-admin privileges, to a Windows 2000 box if this makes a difference.
Bikar Dude suggested getting hold of a modified smbclient to use instead of NET - anybody have any suggestions as to where I may find one?
The big question is, for me anyway, since NAT.EXE has succesfully found the Admin password it is obviously managing to connect to the other box somehow and get authenticated. How is it that NAT can and I can't? Is this due to NAT using its own modified SMBCLIENT and if so where can I get a copy of the SMBCLIENT only?
Thanks again to all who replied. Ian _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Using Null Session information from NAT.EXE Ian Lyte (Oct 30)
- Re: Using Null Session information from NAT.EXE Oliver Karow (Oct 30)
- Re: Using Null Session information from NAT.EXE Tom Fischer (Oct 30)
- Re: Using Null Session information from NAT.EXE Bikar Dude (Oct 30)
- <Possible follow-ups>
- RE: Using Null Session information from NAT.EXE Herman Sheremetyev (Oct 30)
- Re: Using Null Session information from NAT.EXE Mike Brentlinger (Oct 30)
- RE: Using Null Session information from NAT.EXE Ian Lyte (Oct 31)
- RE: Using Null Session information from NAT.EXE crazytrain.com (Oct 31)