My question is whether one can authenticate through NetBIOS sessions and gain access.
OK. The short answer to your question: yes, you can authenticate through NetBIOS sessions (this being how it's usually done in the Windows world). However, this is dependent on the security policies set on the machine you're attempting to authenticate to.
In short this is just an attempt to understand an exploit.
Which exploit? From what you're describing, it sounds more like just routine use of NetBIOS. Knowing the exploit involved would help since the exploit may use some form of vulnerability to completely sidestep regular NetBIOS authentication, thus rendering the question moot.
But if on the remote PC on the LAN, no account is created and the default accounts are present, then what is the reason one is not able to access the other PC only by giving administrator as user name and password blank. I mean what do you mean when you say username/pass for an admin user, when no such users are created and only the default users are generated upon installation of the OS, on the remote PC in the LAN.
If the said system is a member of a domain, then any account in the domain should be able to log into it (pending default permissions have not been changed.)
If the local administrator password is blank, then yes, you should be able to log into it. There can be two ways to log into it: either local user (administrator is created by default) and any domain user accounts if it is a member of the domain.
Yes, I'm accessing a share to which I do not have permission technically speaking and my question is whether one can authenticate through NetBIOS sessions and gain access.
If you are wanting to learn this, I would strongly suggest learning the "net use" command. I would also strongly suggest not fucking with it if it is not your system..... and don't cry to us if you do something stupid and get busted, you will be getting what you deserve.
But if on the remote PC on the LAN, no account is created and the default accounts are present, then what is the reason one is not able to access the other PC only by giving administrator as user name and password blank. I mean what do you mean when you say username/pass for an admin user, when no such users are created and only the default users are generated upon installation of the OS, on the remote PC in the LAN.
Back in the day... way back - pre summer 1999, it used to be that Win32 would let you connect to an account that didn't have a password by leaving the password blank etc. Nowadays, since Win2k shipped and by default in XP the Borg got this novel idea that if the local administrator account had no password they wouldn't let any random remote process/person/tard connect as Administrator (effectively without authentication) and be able to exercise admin rights where none were expressly granted.
This would effectively prevent process/person/tard from starting and stopping services, creating shares to steal data, printing anal fissure bob on all the printers in the domain. etc. etc. It also meant that there was no need (they thought) for IT admins to maintain local system passwords - but that's a different rant.
This was done as a result of some vendor systems getting hacked during the win2k dev cycle and someone making a big stink *cough*. They didn't provide the patch for the Alpha platform, but then 2k was never shipped on the Alpha. </trivia> The feature shipped as the default in the first RTM of 2k.
I don't find your inquiry informational, I think you're a lousy social engineer (hardly deserving the title) trying to extract clues and codes from otherwise busy working people. You didn't come out and say "help me hack" because you had enough of a clue to see you'd get banned for that. The reason I'm not a moderator here is because I would ban someone like you on the first offense... and I'm offended. Now that I've answered your question "why", please...
Back in the day... way back - pre summer 1999, it used to be that Win32 would let you connect to an account that didn't have a password by leaving the password blank etc. Nowadays, since Win2k shipped and by default in XP the Borg got this novel idea that if the local administrator account had no password they wouldn't let any random remote process/person/tard connect as Administrator (effectively without authentication) and be able to exercise admin rights where none were expressly granted.
This would effectively prevent process/person/tard from starting and stopping services, creating shares to steal data, printing anal fissure bob on all the printers in the domain. etc. etc. It also meant that there was no need (they thought) for IT admins to maintain local system passwords - but that's a different rant.
This was done as a result of some vendor systems getting hacked during the win2k dev cycle and someone making a big stink *cough*. They didn't provide the patch for the Alpha platform, but then 2k was never shipped on the Alpha. </trivia> The feature shipped as the default in the first RTM of 2k.
I don't find your inquiry informational, I think you're a lousy social engineer (hardly deserving the title) trying to extract clues and codes from otherwise busy working people. You didn't come out and say "help me hack" because you had enough of a clue to see you'd get banned for that. The reason I'm not a moderator here is because I would ban someone like you on the first offense... and I'm offended. Now that I've answered your question "why", please...
FOAD
Thanks for the info, and I'm a network engineer MCSE, CCNA trying to learn about security by gaining real time hands on experience. This query is a part of what I'm studying. And hacking systems does not give me thrills and excites me.
Compared to you my level of knowledge is low, but then there was a point in time when your knowledge was at the same level which only increased by studying, researching, querying etc. which is what I'm doing. And yes I know the rules of the forum. No offence meant.
If the said system is a member of a domain, then any account in the domain should be able to log into it (pending default permissions have not been changed.)
If the local administrator password is blank, then yes, you should be able to log into it. There can be two ways to log into it: either local user (administrator is created by default) and any domain user accounts if it is a member of the domain.
If you are wanting to learn this, I would strongly suggest learning the "net use" command. I would also strongly suggest not fucking with it if it is not your system..... and don't cry to us if you do something stupid and get busted, you will be getting what you deserve.
I'm not screwing around with other people's system. I have my own LAN with 7 PCs. I'm delving into IT security and this query is a part of what I'm studying. Have used net use, but it connects with some PCs with null sessions and asks for passwords with some PCs. What does that mean?
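As an added example (not part of any post in this thread): a read-only PowerShell audit of the local settings that govern the two behaviours discussed above, namely whether a blank-password local account may log on over the network and how much an anonymous (null) session is allowed to do. The registry value names are standard Windows settings that the thread itself does not name; running it on each lab PC with PowerShell available and comparing the output is an assumption about how you would use it.

```powershell
# Added example: read-only audit, changes nothing. Run locally on each lab PC.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Want = 1: any non-zero value is the restrictive state; Want = 0: zero is.
$checks = @(
    @{ Name='LimitBlankPasswordUse';     Path=$lsa;    Want=1; Why='blank-password local accounts limited to console logon' },
    @{ Name='RestrictAnonymousSAM';      Path=$lsa;    Want=1; Why='anonymous enumeration of SAM accounts blocked' },
    @{ Name='RestrictAnonymous';         Path=$lsa;    Want=1; Why='anonymous enumeration of accounts and shares blocked' },
    @{ Name='EveryoneIncludesAnonymous'; Path=$lsa;    Want=0; Why='Everyone permissions not applied to anonymous users' },
    @{ Name='RestrictNullSessAccess';    Path=$server; Want=1; Why='null sessions limited to listed pipes and shares' }
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the value is absent (the OS default then applies)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    $status = if ($null -eq $actual) {
        'REVIEW'                                   # not set: check the OS default
    } elseif (([int]$actual -ne 0) -eq [bool]$c.Want) {
        'OK'
    } else {
        'WEAK'
    }
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = if ($null -eq $actual) { '(not set)' } else { $actual }
        Status  = $status
        Meaning = $c.Why
    }
}
$report | Format-Table -AutoSize

# Shares and pipes that stay reachable by null sessions even when restricted
foreach ($name in 'NullSessionShares', 'NullSessionPipes') {
    $list = @(Get-RegValue $server $name) | Where-Object { $_ }
    '{0}: {1}' -f $name, $(if ($list) { $list -join ', ' } else { '(none)' })
}
```

Differences in this output between two machines are the first place to look when one accepts a null session and another prompts for credentials.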
Thanks for the info, and I'm a network engineer MCSE, CCNA trying to learn about security by gaining real time hands on experience.
Excellent! I am not at your level yet, however I have received my ASS certificate and the prestigious HOLE modifier. I am currently working towards my MUNCH cert. I can't wait to get my new business cards with my name followed by ASSHOLE, ASSMUNCH. Oh how the chickies will line up to be with me!!!!
Excellent! I am not at your level yet, however I have received my ASS certificate and the prestigious HOLE modifier. I am currently working towards my MUNCH cert. I can't wait to get my new business cards with my name followed by ASSHOLE, ASSMUNCH. Oh how the chickies will line up to be with me!!!!
Thanks for expressing your credentials, but your attitude sucks.
Certified on 2000, 2k3 Server...? Stating that you are Windows MCSE certified is an open-ended statement.
Microsoft certifications do not teach to exploit their own vulnerabilities. Null sessions and all may be explained in theory, but practically after trying them if one faces difficulties, then one goes to forums to express the same, which is the purpose of forums anyway, to share knowledge and answer technical queries. You know I've just been trying these forums, but I think the people who claim themselves as security experts, in other words, who are so called ethical hackers, are in a different world of their own. They consider themselves superior technically and look down upon newbies. There are a lot of contradictions.