GEN:SID | 1:1067 |
Message | WEB-MISC net attempt |
Summary | This event is generated when the NET command is used for message sending, remote null session connections etc.
|
Impact | Information gathering.
|
Detailed Information | An attacker tried to access the "net" command on a host.
The Windows "net" command is usually not accessible through a webserver, check for possible directory traversal attacks.
Net cannot be used to gain full control of a host, but can establish null sessions on weakly protected Windows hosts for example or to gain information on the network the host is connected to.
|
Affected Systems | |
Attack Scenarios | A web request for the command "net".
|
Ease of Attack | Simple.
|
Corrective Action | Protect "net.exe" from remote usage. Remove the file completly if it is not needed.
|
Additional References | |