Solved

Netbios  - Using IPC$ null session to compromise windows system

Posted on 2004-04-27
5
4,493 Views
Last Modified: 2013-12-04
I am doing security penetration testing from a Linux (RH9.0) environment...

1: Port scan

2: nmblookup

3: smbclient

I have accessed my computer (remotely) using a null session to

//server/IPC$

with the following smbclient command

[user@localhost /] smbclient //server/IPC$ "" -dt/share -I 172.16.0.1 -N -W WORKGROUP

which gives me the prompt

smb \>

I do not have write access.

Where do I go from here on a Linux machine?

I want to emumerate users/shares/etc..  but I am using Linux...  Any ideas?

Also, what else can be done to gain access once you have a null session?


0
Comment
Question by:cduke250
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
PERL !-)
http://www.roth.net/perl/scripts/scripts.asp?Null.pl
http://www.xav.com/perl/site/lib/Win32/NetResource.html

You can use perl in windows alot, even run it on them ... I remember using cygwin and a few others on winblows, and it was doing a fine job, then I found a book that helped me administer M$ how I always wanted too...
http://www.amazon.com/exec/obidos/tg/detail/-/1578700566/qid=1083120410/sr=8-1/ref=sr_8_xs_ap_i1_xgl14/104-5064769-9078301?v=glance&s=books&n=507846

I also found that *nix can make ton's of API calls and other very usefull interactions with M$ without much fuss :)

I hope that script helps ... it's very similar to how you can do the same thing's with windows itself... (winfo.exe is a great program)
GL!
-rich
0
 
LVL 3

Author Comment

by:cduke250
Comment Utility
Sorry little confused here...

Are you saying to download perl and then download win32 and lanman libs/src and then compile this script in linux?

Will it work from linux or do I have to wine it?

I installed wine but haven't been able to get enum.exe , dumpSEC, nete, user2sid, sid2user to work with it yet...  wine debug
says it can't find certain functions of the netapi32.dll files.  

0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
no no the native perl should work... I was going a bit off topic- the win32 book i mentioned is for running perl on win2k etc... sorry... Perl doesn't compile... you save the script in a txt file, and make sure you have the modules it calls (use Win32::Lanman;use Win32::TieRegistry) that's all.  then run it...  "./null.pl"

wine won't work for most of those tools, VMware would... but you might as well have a M$ pc then...
-rich
0
 
LVL 3

Author Comment

by:cduke250
Comment Utility
Tell me where to download win32::lanman and win32::tieregistry and how to install and you got yourself 400 points rich.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
Comment Utility
CPAN owns
Normally most of these are included, Perl will just make a CALL to them... http://www.cpan.org/misc/cpan-faq.html#How_installed_modules
http://www.cpan.org/modules/by-module/Win32/  (search for "tie" and "lanman"
and look here for additional help
http://perl.about.com/library/weekly/aa030500a.htm (4 page article)
GL!
-rich



0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now