[unisog] Re: Coordinated Scan
reggers at ist.uwaterloo.ca
Mon Apr 8 18:06:26 GMT 2002
> Excuse my ignorance with Microsoft products, but how does a hacker find
> out the usernames on a Windows box?
I'm very ignorant about Microsoft products but.....
1). The Microsoft Personal Security Advisor at
is a self-service page to help one with security settings, patches and
more. One of those security settings:
has these values:
0 - "None. Rely on default permissions"
1 - "Do not allow enumeration of SAM accounts and names"
2 - "No access without explicit anonymous permissions" (not available on Windows NT 4)
It's apparent that you can lock down a machine to stop the information
leak (but don't try this setting on an Active Directory server ;-)
2). The "null.pl" mentioned in another response is found at:
But I've not tried it, especially to see if the setting in 1) above stops
the information leak.
3). I did a very simple scan of our campus searching for open c$ shares
accessible by Administrator with "" password using smbclient. I used
nmap to find those machines that look like Windows and piped that
[2:02pm ist] more SmbProbe
# For each IP number provided, determine if the site has an open admin passwd.
while read -r ip; do
    # Feed "quit" so smbclient exits at once; exit status 0 means the share opened.
    echo quit |\
    smbclient "//$ip/c\$" '' -U Administrator >/dev/null 2>&1 && echo "$ip"
done
I found open systems... of course. You will too if you scan your campus.