`nullsessionpipes`#

$ target-query <path/to/target> -f nullsessionpipes

Details#
Module	`os.windows.generic.GenericPlugin`
Output	`records`

Module documentation

Generic Windows plugin.

Provides some plugins that don’t fit in a separate plugin.

Function documentation

Return the NullSessionPipes registry key value.

The NullSessionPipes registry key value specifies server pipes and shared folders that are excluded from the policy that does not allow null session access. A null session implies that access to a network resource, most commonly the IPC$ “Windows Named Pipe” share, was granted without authentication. Also known as anonymous or guest access. These can thus be accessed without authentication and can be leveraged for latteral movement and/or privilege escalation.

References:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares

nullsessionpipes#

`nullsessionpipes`#