Null Session Enumeration on 2000

From: xenolithat_private
Date: Thu Jul 25 2002 - 09:36:31 PDT


    I was on an internal pentest recently where I had the following curious situation and wondered if anyone had any insight as to what may have caused it.
    
    I used gnit.exe to attempt to enumerate the users, shares, etc. on a Win2k DC via a null session.
    This only partially worked in that I got the NBTSTAT info back and the SHARE info but NOT the user or group information.
    I was able to get the userlist via RID cycling but I was curious as to why this happened.
    Other Win2K boxes on the network (non-DC) gave up everything A-OK.
    Now, in my experience, if they had RestrictAnonymous set then I would not have got the share information back!
    They were all SP2 and had SP2SRP1 installed.
    
    Any help greatly appreciated.
    
    xenolithat_private
    
    