Re: Using Null Session information from NAT.EXE

From: Oliver Karow (Oliver.Karowat_private)
Date: Tue Oct 30 2001 - 00:10:15 PST


    Hi,
    
    Reading your mail on the fly... I would say you should try
    net use with the following style "/USER:domainname\username" or
    "/USER:hostname\username",
    because it might be the old problem with the local admin vs. domain admin.
    
    bye...
    
    Oliver
    
    
    ----- Original Message -----
    From: "Ian Lyte" <ianlyteat_private>
    To: <pen-testat_private>
    Sent: Tuesday, October 30, 2001 5:39 PM
    Subject: Using Null Session information from NAT.EXE
    
    
    > Running NAT.EXE on a machine on my local network gives me the following
    > results [obvious bits changed]
    >
    >
    > [*]--- Reading usernames from user.txt
    > [*]--- Reading passwords from bigpass.txt
    >
    > [*]--- Checking host: xxx.xxx.xxx.xxx
    > [*]--- Obtaining list of remote NetBIOS names
    >
    > [*]--- Attempting to connect with name: *
    > [*]--- Unable to connect
    >
    > [*]--- Attempting to connect with name: *SMBSERVER
    > [*]--- CONNECTED with name: *SMBSERVER
    > [*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
    > [*]--- Server time is Tue Oct 30 14:30:36 2001
    > [*]--- Timezone is UTC+0.0
    > [*]--- Remote server wants us to encrypt, telling it not to
    >
    > [*]--- Attempting to connect with name: *SMBSERVER
    > [*]--- CONNECTED with name: *SMBSERVER
    > [*]--- Attempting to establish session
    > [*]--- Was not able to establish session with no password
    > [*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `0'
    >
    > <---SNIP--->
    >
    > [*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `password'
    > [*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
    >
    > [*]--- Obtained server information:
    >
    > Server=[xxxxxxx] User=[] Workgroup=[xxxxxxx] Domain=[]
    >
    > [*]--- Attempting to access share: \\*SMBSERVER\
    > [*]--- Unable to access
    >
    > [*]--- Attempting to access share: \\*SMBSERVER\ADMIN$
    > [*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
    > [*]--- Checking write access in: \\*SMBSERVER\ADMIN$
    > [*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
    > [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\ADMIN$
    >
    > [*]--- Attempting to access share: \\*SMBSERVER\C$
    > [*]--- WARNING: Able to access share: \\*SMBSERVER\C$
    > [*]--- Checking write access in: \\*SMBSERVER\C$
    > [*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$
    > [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\C$
    >
    > [*]--- Attempting to access share: \\*SMBSERVER\D$
    > [*]--- WARNING: Able to access share: \\*SMBSERVER\D$
    > [*]--- Checking write access in: \\*SMBSERVER\D$
    > [*]--- WARNING: Directory is writeable: \\*SMBSERVER\D$
    > [*]--- Attempting to exercise .. bug on: \\*SMBSERVER\D$
    >
    > [*]--- Attempting to access share: \\*SMBSERVER\ROOT
    > [*]--- Unable to access
    >
    > [*]--- Attempting to access share: \\*SMBSERVER\WINNT$
    > [*]--- Unable to access
    >
    >
    > Now from here I thought it would just be a case of
    >
    > NET USE Z: xxx.xxx.xxx.xxx\c$ /user:administrator password
    >
    > to map the C$ to a local z:
    >
    > However every time I try that it gives me a
    >
    > System error 1326 has occurred.
    > Logon Failure: unknown user name or bad password.
    >
    > Now I have gone to the machine and know that the user:pass combo is
    > correct.
    >
    > So, what am I doing wrong? I've searched the archives to no avail and I
    > notice on Google groups that a lot of people have asked the same question
    > but not received an answer. So I am turning to you guys ;)
    >
    > Ian
    >
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
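
Added example, not part of either post and not code from NAT's authors: a small parser that turns a NAT-style log like the one quoted above into per-host audit findings (accounts whose password was guessed, and which shares were readable or writable). The sample log is constructed in the quoted format, the host name is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the NAT.EXE log quoted in the thread
# (host name is a placeholder, not a value from the original post).
SAMPLE_LOG = r"""
[*]--- Checking host: host-a.example
[*]--- Was not able to establish session with no password
[*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `0'
[*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
[*]--- Attempting to access share: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
[*]--- Attempting to access share: \\*SMBSERVER\C$
[*]--- WARNING: Able to access share: \\*SMBSERVER\C$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$
[*]--- Attempting to access share: \\*SMBSERVER\ROOT
[*]--- Unable to access
"""

HOST = re.compile(r"Checking host: (\S+)")
CRED = re.compile(r"CONNECTED: Username: `([^']*)' Password: `[^']*'")
SHARE = re.compile(
    r"WARNING: (Able to access share|Directory is writeable): \\\\[^\\]+\\(\S+)")

def summarize(log):
    """Return one finding dict per host seen in a NAT-style log."""
    findings, cur = [], None
    for line in log.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted logs
        if m := HOST.search(line):
            cur = {"host": m.group(1), "accounts": [], "readable": [], "writable": []}
            findings.append(cur)
        elif cur is None:
            continue
        elif m := CRED.search(line):
            # Keep the account name only; the guessed password stays out of the report.
            cur["accounts"].append(m.group(1))
        elif m := SHARE.search(line):
            key = "readable" if m.group(1).startswith("Able") else "writable"
            if m.group(2) not in cur[key]:
                cur[key].append(m.group(2))
    return findings

def is_critical(finding):
    """Guessed credentials plus a writable administrative ($) share."""
    return bool(finding["accounts"]) and any(
        s.endswith("$") for s in finding["writable"])

if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG):
        print(f, "CRITICAL" if is_critical(f) else "review")
```
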
    



    This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 16:41:52 PST