|
|
|
Date Submitted:
07/11/05
Hits: 34 Rating:  based on 0 votes
User Info and User Dump TutorialAdded by Papergrl
Description:
The UserInfo and UserDump tools enumerate user credentials on Microsoft OS's as null sessions. Null sessions allow an anonymous attackers to extract a great deal of information about a system, most importantly, account names. They are dangerous because they allow attackers to pull juicy user data from the machine. Windows NT, 2000 and even Server 2003 domain controllers are susceptible to enumeration using null sessions. The key point to take away on null sessions and enumeration is that you can obtain account names to use on dictionary attacks and other information like last logon, privileges, and when and if the password expires. It even gives you the logon hours so we aren't knocking on the door when the user should be asleep and not able to log in.
Read the Complete Paper You don't have permission to post replies. Please login or register. |