SANS 560 - Net Use & System Error 5 "Access is denied"
valbizuresjr81
Member Posts: 14 ■□□□□□□□□□
in GIAC
Please let me know if this is not the correct forum to post these types of questions:
I'm trying to create a session between two windows 10 "workstations"
Target & Attacking Machine are set to Send LM & NTLM responses
UNC is disabled on both
Firewall is disabled on both
No Anti-virus running on either
From the Attacking macine I'm running:
net use * \\targetipaddress\c$
prompted for user name and password.
Then I get
System error 5 has occured. Access is denied.
When I look at the target machine I see a Logon event followed by a log off event. (See below). Not sure what else to try to get this to work. Any advice?
Thanks in advance.
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: No
Impersonation Level: Impersonation
New Logon:
Security ID: EmmaNayeli\valbizures
Account Name: valbizures
Account Domain: EmmaNayeli
Logon ID: 0xECB8205
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: WOPR
Source Network Address: 192.168.1.76
Source Port: 52007
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
Followed By:
An account was logged off.
Subject:
Security ID: EmmaNayeli\valbizures
Account Name: valbizures
Account Domain: EmmaNayeli
Logon ID: 0xECB8205
Logon Type: 3
I'm trying to create a session between two windows 10 "workstations"
Target & Attacking Machine are set to Send LM & NTLM responses
UNC is disabled on both
Firewall is disabled on both
No Anti-virus running on either
From the Attacking macine I'm running:
net use * \\targetipaddress\c$
prompted for user name and password.
Then I get
System error 5 has occured. Access is denied.
When I look at the target machine I see a Logon event followed by a log off event. (See below). Not sure what else to try to get this to work. Any advice?
Thanks in advance.
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: No
Impersonation Level: Impersonation
New Logon:
Security ID: EmmaNayeli\valbizures
Account Name: valbizures
Account Domain: EmmaNayeli
Logon ID: 0xECB8205
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: WOPR
Source Network Address: 192.168.1.76
Source Port: 52007
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
Followed By:
An account was logged off.
Subject:
Security ID: EmmaNayeli\valbizures
Account Name: valbizures
Account Domain: EmmaNayeli
Logon ID: 0xECB8205
Logon Type: 3
Comments
-
TechGromit
Member Posts: 2,156 ■■■■■■■■■□
Check if the SMB is disabled.
To enable or disable SMBv1 on the SMB server, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
To enable or disable SMBv2 on the SMB server, configure the following registry key:Registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = EnabledStill searching for the corner in a round room.