No announcement yet.

Enumeration - NULL Sessions

  • Time
  • Show
Clear All
new posts

  • Enumeration - NULL Sessions

    A NULL session is used to allow clients or endpoints of a connection to access certain types of information across a network, and can sometimes reveal a wealth of information. A NULL session is something that occurs when a connection is made to a Windows system without the use of credentials. This session is one that can only be made to a special location by use of Inter-process Communication (IPC), which is an administrative share on a Windows system. In normal practice, NULL sessions are designed to facilitate a connection between systems on a network to allow one system to enumerate the other.

    Information that may be obtained during this process includes
    • List of users and groups
    • List of machines
    • List of shares
    • Users and host SIDs
    • OS information
    • Password policies

    The results of a NULL session scan vary greatly and is affected by the target operating system version and what mitigations are in place.
    Certified Security Geek