libertyos
06-12-2007, 03:23 PM
Got a question-
If a company has NetBIOS enabled on all of their servers from DC, SQL, Web, VoIP etc...how difficult would it be to exploit null sessions to gain access? Access being elevated privileges?
Preparing for a VA and recently discovered this issue at work. Further more, through a null session I can start telnet on about half of the servers. And if that isn't enough, we allow anonymous FTP as well.
I have researched the question online however I am not finding a definitive answer so I ask you.
The only share I can access is obviously IPC$...I would like to access Admin$, C$ and the other shares as well. They are protected and I am assuming I would have to brute force a found account (DumpSec) to fully access the "gold" shares.
Any advice or comments would be appreciated.
If a company has NetBIOS enabled on all of their servers from DC, SQL, Web, VoIP etc...how difficult would it be to exploit null sessions to gain access? Access being elevated privileges?
Preparing for a VA and recently discovered this issue at work. Further more, through a null session I can start telnet on about half of the servers. And if that isn't enough, we allow anonymous FTP as well.
I have researched the question online however I am not finding a definitive answer so I ask you.
The only share I can access is obviously IPC$...I would like to access Admin$, C$ and the other shares as well. They are protected and I am assuming I would have to brute force a found account (DumpSec) to fully access the "gold" shares.
Any advice or comments would be appreciated.