Friday, March 12, 2010


This morning, I taught Enumeration in the CEH class. I used Windows 2000 as the target, as it exploited the null session vulnerability that exists in Windows 2000, which can be used to see users, shares, and much other computer information via NetBIOS.

According to several resources, null session exploits only work on Windows 2000 and are not found in newer versions of Windows, but when I tried it this morning, it still worked on XP and 2003.

You may read this article for more information about how to restrict anonymous access for NULL sessions and its implications (most security countermeasures have a side effect on convenience).