On Wednesday 09 April 2008, Señor Natron wrote:
> However, when Victor wants to make an SMB connection, his PC issues an
> NBSTAT request to the IP:137, which metasploit/linux has no idea what
> to do with, and responds with an ICMP Type 3 Port Unreachable message.

Yup, you can solve this by installing Samba, configuring the hostname in
smbd.conf, and running the nmbd daemon. At some later point, it may make
sense to add a NBNS responder to metasploit, but it doesn't sound like fun
to write.

> Questions:
> 1) What causes Victor to issue an NBSTAT request? Is it something
> wrong in my spoofed response packet, perhaps? (When Victor opens an
> SMB connection to \\ip.add.res, it immediately performs an SMB connect
> to :139; no NBSTAT to 137 is performed.) I've examined my spoofed
> response and can't see anything that would be kicking off an NBSTAT
> request, but I may be missing something.

Name lookups in Windows loosely follow this order:

1. Hosts File
2. DNS
3. WINS
4. NBNS

> 2) Anyone know if it's possible to answer 4) in such a way that Victor
> will skip the NBSTAT request?

Yeah, just reply to the DNS request.

> 3) Is it possible to answer 4) with an NBSTAT response that
> will elicit a Negotiate Protocol Request to :139 or :445?

Yes, use nmbd from Samba.

-HD
_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers