Cut from : http://www.fastlane.net/~thegnome/faqs/hackfaq/hac kfaq-11.html
11.4 What can null sessions to an NT machine tell me?
By establishing a null session from your NT attacking machine to the target server, there are a few different things you can do to get account info:
net use \\server_name\ipc$""/user:""
if you see "The command completed successfully" then you are connected. Using local.exe and global.exe from the NT Resource Kit shold get you some usefull info. Here are two examples.
Get the local administrators on the target:
local anmistrators \\server_name
Get the members of the group Domain Admins:
global "domain admins" \\server_name
For even more information, rum DumpACL and go for the user and group reports. This should give you every account on the box, plus a host of other useful info, such as who logged in last, if a password is required, who is in what group, etc. From this y ou can target specific accounts to attempt access.
To find the role of the machine, domain names, and dc names try using netdom.exe. To find the last logon time try usrstat.exe. Both are in the resource kit.
For some info on shares try net view.
Also, netcat works on multiple platforms and it can be used to forward nt-specific attacks if a direct connection to the target does not exist
Finally, if a password is shorter than seven characters, then lanman-hash(a modified samba client whose source code can be found from the ntbugtraq website) could be used as a password equivalent.
I had problem with RH too. I switched to SuSE on a friends advise. I loaded it and downloaded the IBM JDK. Then ftp'd the newest. 8.1.7 from Oracle.
NO PROBLEMS! Other than a syntax error in the root.sh script. I could live with that.
Slashdot Mirror
Sorry, I see it the same program.
Cut from : http://www.fastlane.net/~thegnome/faqs/hackfaq/hac kfaq-11.html
11.4 What can null sessions to an NT machine tell me?
By establishing a null session from your NT attacking machine to the target server, there are a few different things you can do to get account info:
net use \\server_name\ipc$""/user:"" if you see "The command completed successfully" then you are connected. Using local.exe and global.exe from the NT Resource Kit shold get you some usefull info. Here are two examples. Get the local administrators on the target: local anmistrators \\server_name Get the members of the group Domain Admins: global "domain admins" \\server_name For even more information, rum DumpACL and go for the user and group reports. This should give you every account on the box, plus a host of other useful info, such as who logged in last, if a password is required, who is in what group, etc. From this y ou can target specific accounts to attempt access. To find the role of the machine, domain names, and dc names try using netdom.exe. To find the last logon time try usrstat.exe. Both are in the resource kit. For some info on shares try net view. Also, netcat works on multiple platforms and it can be used to forward nt-specific attacks if a direct connection to the target does not exist Finally, if a password is shorter than seven characters, then lanman-hash(a modified samba client whose source code can be found from the ntbugtraq website) could be used as a password equivalent.
Wrong D/L legion and have fun connecting to whoever does not have security set up right.
I had problem with RH too. I switched to SuSE on a friends advise. I loaded it and downloaded the IBM JDK. Then ftp'd the newest. 8.1.7 from Oracle. NO PROBLEMS! Other than a syntax error in the root.sh script. I could live with that.
Dude if I took all my CD's and put them to MP3 it would be WAY over 40 gig! I have _ALREADY_ paid. Ass.
I know the new Dodge prototypes have this in addtion to digital satillite radio. http://www.4adodge.com/autoshow/news/hemi.html