4.7.1. Introduction

NULL sessions refer to the possibility to use unauthenticated SMB sessions to the IPC$ share to gather information anonymously, using RPC function calls carried into SMB.

SMB sessions are typically authenticated. However, it is possible to use an empty username and password, which results in a NULL session, i.e an anonymous SMB session.

The MSRPC NULL sessions: exploitation and protection presentation is available to complement the information found in this section.