What is NULL Session Attacks

A null session is an anonymous connection to an Windows-based computers in which weaknesses in the NetBIOS networking protocol are exploited to allow a user to create an unauthenticated connection with a Windows-based computers. The service is designed to allow named pipe connections but may be used by attackers to remotely gather information about the system.

To the Windows system, the user appears as an anonymous user; however, a malicious user can use a low-level remote procedure call (RPC) and other probing utilities in an attempt to glean information on services running on the system, attempt privilege escalation, or access user account and passwords information. Worms have also been known to spread via RPCs in NULL sessions.

Simple registry and access permissions settings allow administrators to prevent anonymous NULL session connections and enforce authenticated access for non-system service–related access. Newer versions of Windows are not generally vulnerable to the risk of NULL session exploitation via default configuration parameters, but older versions of Windows such as Windows 2000 and NT still have these vulnerabilities.


Did you find this tutorial helpful? Don’t forget to share your views with us.