mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-08 11:43:17 +08:00
33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
id: null-session-allowed
|
|
|
|
info:
|
|
name: Null Session Allowed
|
|
author: princechaddha
|
|
severity: high
|
|
description: Checks if null sessions are allowed via any entry in the NullSessionPipes registry key, posing a security risk.
|
|
impact: |
|
|
Allowing null sessions can lead to unauthorized access to network resources, increasing vulnerability to attacks.
|
|
remediation: |
|
|
Disable null sessions by ensuring no entries are allowed in the NullSessionPipes registry key.
|
|
tags: windows,null-session,code,windows-audit
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- pre-condition: |
|
|
IsWindows();
|
|
engine:
|
|
- powershell
|
|
- powershell.exe
|
|
args:
|
|
- -ExecutionPolicy
|
|
- Bypass
|
|
pattern: "*.ps1"
|
|
source: |
|
|
if ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'NullSessionPipes').NullSessionPipes.Count -gt 0) { "Null sessions are allowed" }
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Null sessions are allowed"
|
|
# digest: 4a0a0047304502203f354986ddf8ea42f23b7bc4f6dc48c4fabd785f0f7638101b38fb5609522783022100b1cd022b5f6441cc6a65d8523baa03ff8d219486c56ba38ce85256776d54420a:922c64590222798bb761d5b6d8e72950 |