Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration

info Nessus Plugin ID 10398


It was possible to obtain the domain SID.


By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).

The domain SID can then be used to get the list of users of the domain.

Plugin Details

Severity: Info

ID: 10398

File Name: smb_dom2sid.nasl

Version: 1.57

Type: local

Agent: windows

Family: Windows

Published: 5/9/2000

Updated: 2/28/2023

Supported Sensors: Nessus Agent

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/test_domain