Tag: null

Microsoft SQL Server

Check for null passwords in Sql Server

One of the many ways to secure SQL Server is to review all passwords. You must also check for null passwords and if you locate any, change them. To list all users with null passwords, execute the following sql command: USE master GO   SELECT name, password FROM syslogins WHERE password IS NULL;use master go …

Enumeration, Microsoft Windows

Disable NetBIOS NULL Sessions

Use Registry Editor to view the following registry key, and then add the following value to this key, or modify it if the value already exists: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSAHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA Value: RestrictAnonymous Value Type: REG_DWORD Value Data: 0x2 (Hex) 0 None. Rely on default permissions 1 Do not allow enumeration of SAM accounts and names 2 No access …

Enumeration

Enumerate user accounts through null sessions

There is a very useful program, in BackTrack you will find it pre-installed, named rpcclient. This tool executes client side MS-RPC functions and is part of samba. rpcclient manpage   Open up a terminal and execute: rpcclient -U "" target_ip_addressrpcclient -U "" target_ip_address In password prompt just hit enter.   If the connection is successful …