A null session occurs when you log in to a system with no username or password. NetBIOS null sessions are a vulnerability found in the Common Internet File System (CIFS) or SMB, depending on the operating system.
Note: Microsoft Windows uses SMB, and Unix/Linux systems use CIFS.
Once an attacker has made a NetBIOS connection using a null session to a system, they can easily get a full list of all usernames, groups, shares, permissions, policies, services, and more using the Null user account. The SMB and NetBIOS standards in Windows include APIs that return information about a system via TCP port 139.
One method of connecting a NetBIOS null session to a Windows system is to use the hidden Inter-Process Communication share (IPC$). This hidden share is accessible using the net use command.
The “net use” command is a built-in Windows command that connects to a share on another computer. The empty quotation marks (” “) indicate that you want to connect with no username and no password. To make a NetBIOS null session to a system with the IP address 18.104.22.168 with the built-in anonymous user account and a null password using the net use command, the syntax is as follows:
net use \\22.214.171.124 \IPC$ "" /u: ""
Once the net use command has been successfully completed, the attacker has a channel over which to use other hacking tools and techniques.« Back to Glossary Index