Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration

Nessus Plugin ID 10398 (Severity: Info)


It was possible to obtain the domain SID.


By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).

The domain SID can then be used to enumerate the users of the domain.



Plugin Details

Severity: Info

ID: 10398

File Name: smb_dom2sid.nasl

Version: $Revision: 1.52 $

Type: local

Agent: windows

Family: Windows

Published: 2000/05/09

Modified: 2016/11/15

Dependencies: 10917, 10394, 10150

Risk Information

Risk Factor: Info

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/test_domain

Reference Information

CVE: CVE-2000-1200

BID: 959

OSVDB: 715