Null session

From Wikipedia, the free encyclopedia
Jump to: navigation, search
This article has multiple issues. Please help improve it or discuss these issues on the talk page.
  • Its introduction provides insufficient context for those unfamiliar with the subject. Tagged since October 2008.
  • The notability of this article's subject is in question. If notability cannot be established, it may be listed for deletion or removed. Tagged since October 2008.

A null session is an anonymous connection to a freely accessible network share called IPC$ on Windows-based servers[1]. It allows immediate read and write access with Windows NT/2000 and read-access with Windows XP and 2003.

The command to be inserted at a DOS-prompt is:

net use \\IP address_or_host name\ipc$ "" "/user:" 
net use

"From a NULL session, hackers can call APIs and use Remote Procedure calls to enumerate information. These techniques can, and will provide information on passwords, groups, services, users and even active processors. NULL session access can also even be used for escalating privileges and perform DoS attacks." (1)

[edit] References

  1. ^ http://www.softheap.com/security/session-access.html


Stub icon This computer networking article is a stub. You can help Wikipedia by expanding it.
Retrieved from "http://en.wikipedia.org/w/index.php?title=Null_session&oldid=455316442"
Personal tools
Namespaces
Variants
Actions
Navigation
Interaction
Toolbox
Print/export
Languages