Windows Basics 135
■ -n Names: Displays the names registered locally by NetBIOS applications such as the server and redirector
■ -r Resolved: Displays a count of all names resolved by broadcast or the WINS server
■ -s Sessions: Lists the NetBIOS sessions table and converts destination IP addresses to computer NetBIOS names
■ -S Sessions: Lists the current NetBIOS sessions and their status, along with the IP address
The nbtstat command is case sensitive. Note that some of the switches are uppercase and some are lowercase, and this is how you must use them. If you fail to use the correct case for the switch, the command may yield incorrect results or no result at all.
NULL Sessions
A powerful feature as well as a potential liability is something known as the NULL session. This feature is used to allow clients or endpoints of a connection to access certain types of information across the network. NULL sessions are not anything new and in fact have been part of the Windows operating system for a considerable amount of time for completely legitimate purposes; the problem is that they are also a source of potential abuse. As you will soon see, the NULL session can reveal a wealth of information.
Basically, a NULL session is something that occurs when a connection is made to a Windows system without credentials being provided. This session can only be made to a special location called the interprocess communication (IPC) share, which is an administrative share. In normal practice, NULL sessions are designed to facilitate a connection between systems on a network to allow one system to enumerate the processes and shares on the other. Information that may be obtained during this process includes:
■ List of users and groups
■ List of machines
■ List of shares
■ Users and host SIDs
The NULL session allows access to a system using a special account called a NULL user that can be used to reveal information about system shares or user accounts while not requiring a username or password to do so.
Exploiting a NULL session is a simple task that requires only a short list of commands. For example, assume that a computer has the name “zelda” as the hostname, which would mean you could attach to that system by using the following, where the host is the IP address or name of the system being targeted (the empty quoted strings supply a blank password and a blank username):
net use \\zelda\ipc$ "" /user:""
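Whether a NULL session can actually enumerate anything on a given Windows host depends on a handful of documented settings under the Lsa and LanmanServer registry keys. The following PowerShell script is an added example for auditing those settings; it is not from this book and not a Microsoft tool. The registry paths and value names are the real ones Windows uses, while the "expected" values are this example's own hardening baseline (assumed here, not stated by the book) and should be compared against your organization's policy.

```powershell
# Added example: audit the Windows settings that govern anonymous (NULL session)
# access. Registry paths and value names are documented Windows settings; the
# expected values are this example's hardening baseline, not the book's.

$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srvPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Each check: registry path, value name, the value we expect, and what a weaker value means.
$checks = @(
    @{ Path = $lsaPath; Name = 'RestrictAnonymous';         Expected = 1; Note = '0 allows anonymous enumeration of shares and SAM accounts' }
    @{ Path = $lsaPath; Name = 'RestrictAnonymousSAM';      Expected = 1; Note = '0 allows anonymous enumeration of SAM accounts' }
    @{ Path = $lsaPath; Name = 'EveryoneIncludesAnonymous'; Expected = 0; Note = '1 grants anonymous logons the permissions of the Everyone group' }
)

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # value absent: Windows applies its built-in default
    }
}

function Test-NullSessionHardening {
    $results = @(foreach ($c in $checks) {
        $actual = Get-RegValueOrNull -Path $c.Path -Name $c.Name
        [pscustomobject]@{
            Setting  = $c.Name
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Expected = $c.Expected
            Pass     = ($actual -eq $c.Expected)
            Note     = $c.Note
        }
    })

    # Shares and named pipes explicitly opened to anonymous callers; ideally both lists are empty.
    foreach ($name in 'NullSessionShares', 'NullSessionPipes') {
        $list = Get-RegValueOrNull -Path $srvPath -Name $name
        $results += [pscustomobject]@{
            Setting  = $name
            Actual   = if ($list) { ($list -join ',') } else { '(empty)' }
            Expected = '(empty)'
            Pass     = (-not $list)
            Note     = 'every entry listed here is reachable over a NULL session'
        }
    }
    $results
}

# Usage: run in an elevated PowerShell prompt on the host being audited.
Test-NullSessionHardening | Format-Table -AutoSize
```

Any row with Pass set to False is a setting that lets an unauthenticated IPC$ connection reveal more than it should; the same three Lsa values are exposed in Group Policy as the "Network access" security options, so fixing them centrally is usually preferable to editing the registry by hand. On the detection side, a successful NULL session shows up in the Security log as a logon event (ID 4624) with logon type 3 and the account name ANONYMOUS LOGON, which is a useful thing to alert on from hosts that should never receive one.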