Ebuka John Onyejegbu

0 %
avatar
Ebuka John Onyejegbu
Red Teamer
Incidence Responder
SANS GCIH | OSCP
  • Residence:
    Nigeria
  • City:
    Lagos
Batch
Bash
Powershell
html
CSS
Js
PHP
WordPress
  • Linux, Windows
  • Windows Server
  • Linux Server
  • Cloud, Azure, AWS, Oracle
Contact Me
0

No products in the cart.

Microsoft Windows SMB NULL Session Authentication

August 9, 2022
Microsoft Windows SMB NULL Session Authentication

Vulnerability: Microsoft Windows SMB NULL Session Authentication

Severity: High

Description: The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password). Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.

Solution: Apply the following registry changes per the referenced Technet advisories:

Set:

  • HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1

Steps

Run regedit/OpenRegistry Editor

Navigate to the following Registry entry and set Value of restrictanonymous to 1

HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous

Navigate to the following Registry entry and set Value of restrictnullsessaccess to 1

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess

Posted in Vulnerability Remediation by Ebuka John OnyejegbuTags:
Write a comment

71 − 69 =

Previous
All posts