null-session-allowed: Null Session Allowed

日期: 2025-08-01 | 影响软件: null session allowed | POC: 已公开

漏洞描述

Checks if null sessions are allowed via any entry in the NullSessionPipes registry key, posing a security risk.

PoC代码[已公开]

id: null-session-allowed

info:
  name: Null Session Allowed
  author: princechaddha
  severity: high
  description: Checks if null sessions are allowed via any entry in the NullSessionPipes registry key, posing a security risk.
  impact: |
    Allowing null sessions can lead to unauthorized access to network resources, increasing vulnerability to attacks.
  remediation: |
    Disable null sessions by ensuring no entries are allowed in the NullSessionPipes registry key.
  tags: windows,null-session,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      if ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'NullSessionPipes').NullSessionPipes.Count -gt 0) { "Null sessions are allowed" }

    matchers:
      - type: word
        words:
          - "Null sessions are allowed"
# digest: 490a0046304402200857b8cbdd89ddbe3d1e2c0002b8a422f90a68413fc8983053bf4833254d07a902202627156eeabfa4cba4dbee4703258acf9c1429d617e6be517b508d4a257fc70c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/windows/audit/null-session-allowed.yaml