Ah, did you test Metasploit's HTTP-to-SMB attack? More than likely the
same method works (Grutz did some work on that), we just need to implement
the HTTP server side (or merge Grutz's patches in).
On Monday 22 December 2008, ArcSighter Elite wrote:
> I don't know yet what the true difference is in here. But the fact is
> what I've posted successfully works against XP SP(2|3) Spanish. We of
> course need more testing, but I already know some people qualify what
> smb_relay does as an SMB to SMB attack; and what I'm doing here is some
> sort of HTTP to SMB attack, where the NTLM negotiation is requested
> by the (fake) web server with 401 + WWW-Authenticate: NTLM. Then the
> client sends me his authorization field in the NTLM-Authorization
> field. It's a little browser based. Of course after that, we got SMB
> traffic but who cares?
Framework-Hackers mailing list
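The exchange described in the quoted message (server answers with 401 + WWW-Authenticate: NTLM, browser replies with an NTLM AUTHENTICATE message in the Authorization header) is exactly what a defender needs to find in proxy or web-server logs: every host that gets a browser to hand over an NTLM AUTHENTICATE message is a potential relay point unless SMB signing is enforced on the targets and browsers only auto-authenticate to approved intranet hosts. The script below is an added example, not code from the thread or from Metasploit. It parses the NTLMSSP token carried in those headers according to the MS-NLMP message layout and audits a list of header records against an allow-list of approved NTLM servers. The record tuple format, the allow-list, the sample hosts and the sample AUTHENTICATE message (built with dummy challenge responses purely as parser input) are all constructed for this example.

```python
"""Audit HTTP header records for NTLM authentication exchanges.

Constructed example: the (client, scheme, host, header, value) record format
and the allow-list of approved NTLM servers are assumptions, not anything
from the original mailing-list thread.
"""
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings in the message are UTF-16-LE
NEGOTIATE_NTLM = 0x00000200
NTLM_NEGOTIATE, NTLM_CHALLENGE, NTLM_AUTHENTICATE = 1, 2, 3


def _sec_buffer(raw, at):
    """Decode a security-buffer descriptor (Len, MaxLen, Offset) and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, at)
    return raw[offset:offset + length]


def parse_ntlm_token(b64token):
    """Parse the base64 blob that follows 'NTLM ' in an Authorization or
    WWW-Authenticate header and return a dict describing the message."""
    raw = base64.b64decode(b64token)
    if not raw.startswith(NTLMSSP_SIGNATURE) or len(raw) < 16:
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    info = {"type": msg_type}
    if msg_type == NTLM_NEGOTIATE:
        info["flags"] = struct.unpack_from("<I", raw, 12)[0]
    elif msg_type == NTLM_AUTHENTICATE:
        # MS-NLMP AUTHENTICATE_MESSAGE: six field descriptors start at offset 12
        # (LmChallengeResponse, NtChallengeResponse, DomainName @28,
        # UserName @36, Workstation @44, EncryptedRandomSessionKey),
        # followed by NegotiateFlags @60.
        if len(raw) < 64:
            raise ValueError("truncated AUTHENTICATE_MESSAGE")
        flags = struct.unpack_from("<I", raw, 60)[0]
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
        info.update(
            flags=flags,
            domain=_sec_buffer(raw, 28).decode(enc),
            user=_sec_buffer(raw, 36).decode(enc),
            workstation=_sec_buffer(raw, 44).decode(enc),
        )
    return info


def build_sample_authenticate(domain, user, workstation):
    """Build a syntactically valid AUTHENTICATE_MESSAGE with all-zero
    challenge responses. Constructed test input for the parser only."""
    enc = "utf-16-le"
    parts = [b"\x00" * 24, b"\x00" * 24, domain.encode(enc),
             user.encode(enc), workstation.encode(enc), b""]
    header_len = 88  # signature+type (12) + 6 descriptors (48) + flags (4) + version (8) + MIC (16)
    descriptors, offset = b"", header_len
    for part in parts:
        descriptors += struct.pack("<HHI", len(part), len(part), offset)
        offset += len(part)
    flags = NEGOTIATE_UNICODE | NEGOTIATE_NTLM
    msg = (NTLMSSP_SIGNATURE + struct.pack("<I", NTLM_AUTHENTICATE) + descriptors
           + struct.pack("<I", flags) + b"\x00" * 8 + b"\x00" * 16 + b"".join(parts))
    return base64.b64encode(msg).decode()


def audit_records(records, trusted_ntlm_hosts):
    """records: iterable of (client_ip, scheme, host, header_name, header_value).
    Flags NTLM challenges from, and NTLM credentials sent to, hosts outside
    the allow-list. Returns a list of finding strings."""
    findings = []
    for client, scheme, host, name, value in records:
        auth_scheme, _, token = value.partition(" ")
        if auth_scheme != "NTLM" or host in trusted_ntlm_hosts:
            continue
        if name.lower() == "www-authenticate":
            findings.append(f"{host} challenged {client} for NTLM but is not an approved NTLM server")
        elif name.lower() == "authorization" and token:
            try:
                info = parse_ntlm_token(token)
            except ValueError:
                continue
            if info["type"] == NTLM_AUTHENTICATE:
                findings.append(
                    f"{client} sent NTLM credentials for {info['domain']}\\{info['user']} "
                    f"(workstation {info['workstation']}) to {host} over {scheme}")
    return findings


# Constructed sample: one legitimate intranet exchange and one with an unknown host.
TRUSTED_NTLM_HOSTS = {"intranet.example"}
SAMPLE_RECORDS = [
    ("10.0.0.5", "http", "intranet.example", "WWW-Authenticate", "NTLM"),
    ("10.0.0.5", "http", "intranet.example", "Authorization",
     "NTLM " + build_sample_authenticate("CORP", "jdoe", "WS01")),
    ("10.0.0.5", "http", "203.0.113.10", "WWW-Authenticate", "NTLM"),
    ("10.0.0.5", "http", "203.0.113.10", "Authorization",
     "NTLM " + build_sample_authenticate("CORP", "jdoe", "WS01")),
]

if __name__ == "__main__":
    for finding in audit_records(SAMPLE_RECORDS, TRUSTED_NTLM_HOSTS):
        print(finding)
```

The allow-list is the policy lever: a browser that answers NTLM challenges from any host it is pointed at is what makes the HTTP-to-SMB variant work, so the audit reports both the unexpected challenge and the account whose AUTHENTICATE message went to the unknown host. Because HTTP carries no session signing, the only server-side protection against relaying that message to SMB is requiring SMB signing on the targets.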