John E.


Microsoft Windows SMB NULL Session Authentication

August 9, 2022

Vulnerability: Microsoft Windows SMB NULL Session Authentication

Severity: High

Description: The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password). Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.

Solution: Apply the following registry changes per the referenced TechNet advisories:

Set:

  • HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1

Steps

Run regedit to open Registry Editor.

Navigate to the following registry entry and set the value of RestrictAnonymous to 1:

HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous

Navigate to the following registry entry and set the value of restrictnullsessaccess to 1:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess
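The same two changes can be audited and applied from an elevated PowerShell prompt instead of regedit. This script is an added example, not part of the original post; the `-Apply` switch and the helper function name are its own, and it assumes both registry keys already exist on the host.

```powershell
# Added example: audit (default) or apply the two values named in this post.
# Run from an elevated PowerShell prompt; -Apply writes to the registry.
param([switch]$Apply)

$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA'
       Name = 'RestrictAnonymous';      Want = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
       Name = 'restrictnullsessaccess'; Want = 1 }
)

function Get-DwordOrNull($Path, $Name) {
    # Returns the current value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($s in $settings) {
    $before = Get-DwordOrNull $s.Path $s.Name
    if ($Apply -and $before -ne $s.Want) {
        # -Force creates the value, or overwrites an existing one, as a DWORD.
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want `
            -PropertyType DWord -Force | Out-Null
    }
    # Re-read after any write so the report reflects what is actually stored.
    $after = Get-DwordOrNull $s.Path $s.Name
    [pscustomobject]@{
        Name      = $s.Name
        Before    = if ($null -eq $before) { '(not set)' } else { $before }
        After     = if ($null -eq $after)  { '(not set)' } else { $after }
        Compliant = ($after -eq $s.Want)
    }
}

$report | Format-Table -AutoSize
# Non-zero exit when any value is missing or wrong, for use in scheduled checks.
if ($report.Compliant -contains $false) { exit 1 }
```

Run without arguments, it only reports the current values; with `-Apply` it writes any value that is missing or not 1 and then reports the result.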
