Null Sessions

You might be wondering why I am writing about an old and uninteresting topic like Null Sessions, but believe it or not, this old topic is still used in most companies and businesses, and there's nothing wrong with knowing something which might be useful to you. Null Sessions are anonymous sessions on the Windows platform. The question that arises here is: why would people use something which is not safe at all? The answer is really simple: they trust one another!

A null session is a way for processes to connect to processes on another host in order to communicate, and they do it without a username/password. Null sessions provide a freely accessible network share known as IPC$ (Inter-Process Communication share). Null sessions came around with Windows NT/Windows 2000, which allowed read/write sessions, while Windows XP/Windows 2003 allowed read access. Now you are pretty much aware of why hackers mostly scan for null sessions. Let's find out a little more about it.

Some Points To Remember!

  • Works on port 139 or 445
  • For disabling or restricting anonymous sessions, the value should be 0 (zero).

For Restricting Anonymous Sessions:

In Windows NT:

  1. Run the Registry editor (Regedt32.exe).
  2. Find the following key in the registry:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
  3. On the Edit menu, click Add Value and use the following:
     Value Name: RestrictAnonymous
     Data Type: REG_DWORD
     Value: 1

For Windows XP, 2003:

  1. Run the Registry editor (Regedt32.exe or Regedit.exe).
  2. Find the following key in the registry:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
  3. On the Edit menu, click Add Value and use the following:
     Value Name: RestrictAnonymous
     Data Type: REG_DWORD
     Value: 1
  4. On the Edit menu, click Add Value and use the following:
     Value Name: RestrictAnonymousSam
     Data Type: REG_DWORD
     Value: 1
  5. On the Edit menu, click Add Value and use the following:
     Value Name: EveryoneIncludesAnonymous
     Data Type: REG_DWORD
     Value: 0

For Windows 2000:

  1. Run the Registry editor (Regedt32.exe or Regedit.exe).
  2. Go to the following key in the registry:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
  3. On the Edit menu, click Add Value and use the following:
     Value Name: RestrictAnonymous
     Data Type: REG_DWORD
     Value: 2

All of these Windows versions (NT, 2000, XP and 2003) allow null sessions by default, so that operating systems can easily access and identify shared resources and peripherals in a trusted network, which is done through IPC$. The default setting of RestrictAnonymous for Windows NT and 2000 is a value of 0. When RestrictAnonymous is set to a value of 1 on NT and Windows 2000, a null session can still be made, but much of the user enumeration data is restricted. Setting the RestrictAnonymous value to 2 prevents a null session from occurring. For maximum security, a value of 2 should be used on Windows 2000 and a value of 1 on Windows NT; however, some connection problems may occur in a heterogeneous network if a Windows 2000 domain must share its resources with non-2000 clients. In this case these clients will be unable to connect to the domain and will effectively be denied access to its resources.

For Windows XP and 2003, the default RestrictAnonymous setting is 0. In addition, Windows XP and 2003 have the settings RestrictAnonymousSam, with a default value of 1, and EveryoneIncludesAnonymous, with a default value of 0. The only valid options for RestrictAnonymous on Windows XP and 2003 are 0 and 1. Setting the RestrictAnonymous value to 0 will allow null sessions to enumerate shares. Setting the RestrictAnonymous value to 1 will limit access to the shared information. Setting the RestrictAnonymousSam value to 0 will allow the enumeration of user accounts. Changing the RestrictAnonymousSam value to 1 will prevent the enumeration of local SAM accounts. Setting EveryoneIncludesAnonymous to a value of 0 will ensure null sessions have no special rights. Setting EveryoneIncludesAnonymous to a value of 1 will give null sessions access to the Everyone group, including any right set to that group.
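To check hosts against the values recommended above, here is an added example (not part of the original post) that audits saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa`. The family labels `nt`, `2000` and `xp2003`, the function names and the sample text are assumptions made for the example; a value missing from the key is treated as the default stated above.

```python
import re

# Values the article recommends, per Windows family (names lowercased).
RECOMMENDED = {
    "nt": {"restrictanonymous": 1},
    "2000": {"restrictanonymous": 2},
    "xp2003": {"restrictanonymous": 1, "restrictanonymoussam": 1,
               "everyoneincludesanonymous": 0},
}
# Defaults the article states; they apply when a value is absent from the key.
DEFAULTS = {"restrictanonymous": 0, "restrictanonymoussam": 1,
            "everyoneincludesanonymous": 0}

DWORD_LINE = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: int} for each REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values

def audit(os_family, text):
    """Return (name, effective, recommended) for each setting that differs."""
    found = parse_reg_query(text)
    findings = []
    for name, wanted in RECOMMENDED[os_family].items():
        effective = found.get(name, DEFAULTS[name])  # absent -> stated default
        if effective != wanted:
            findings.append((name, effective, wanted))
    return findings

# Constructed sample output for an XP host: RestrictAnonymousSam is absent.
SAMPLE_XP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Authentication Packages    REG_MULTI_SZ    msv1_0
    restrictanonymous    REG_DWORD    0x0
    everyoneincludesanonymous    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, effective, wanted in audit("xp2003", SAMPLE_XP):
        print(f"{name}: effective {effective}, recommended {wanted}")
```

An empty result means the host matches the recommended values for its family; each tuple otherwise names the setting, its effective value and the value to set.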

 

Stay Anonymous 🙂

Ciao!
