Prior to Windows Server 2003, Microsoft hosts automatically supported a type of connection called the null session. This allowed any client to make an unauthenticated connection to the IPC$ (inter-process communication) share on the host. From there, it was possible to enumerate information via the SMB protocol. Older Unix and Linux hosts with the Samba service installed also permit null sessions. The syntax for connecting via a null session is: net use \\<server-name-or-IP\ipc$ /u:"" "".

The following example uses a null session to connect to a Linux Samba server, and then uses the net view command to see the SMB shares.

Viewing SMB shares

Note: Most modern systems, both Windows and *nix, are configured to disallow null sessions. You might, however, find the occasional older machine that still permits their creation. It is also possible to enable null sessions in the host's security policy.