Vulnerability Development mailing list archives

Re: Win9x netbios pass verif. exploit for unix


From: Extirpater <extirpater () yahoo com>
Date: Wed, 4 Jul 2001 01:52:51 -0700 (PDT)

I wrote that one at a friend's request. I know about changing the
source code of smbclient's client.c file. Putting in a "while" scans
all 256 chars. My friend had problems with a few files and can't
compile the smb package. So the exploit is there, use it if you want...
nothing to say...

--- Dragos Ruiu <dr () kyx net> wrote:
Floating around more than a year ago there was a small (40-60 line
from memory) patch to samba/smbclient that utilizes the same flaw to
erm... remove the needless bother of passwords on wintendo shares
nearly instantly, all in one nice bundle to also access the data you
need.


I'm sorry but some sort of shortcoming in my, oh so careful,
chronological by depth :-), exploit filing system precludes my finding
it right now, but you ought to be able to recreate it fairly readily
without too much work...

If anyone is _still_ relying on share passwords on old Windows
versions for _any_ sort of security, short of keeping very casual
users out until they spend a few minutes trying, they are making a
mistake.

This has been around for a while, long enough for me to lose the
sploit apparently.... so if you still are vulnerable to this in this
day and age on any data of real significance, your security plan
really needs erm.... forklift upgrades, imho.

cheers,
--dr

P.S. I think nessus has some good code for this too that can be used
as an example, if you're looking...

On Sun, 01 Jul 2001, Extirpater wrote:

attachment...


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo!
Mail
http://personal.mail.yahoo.com/

----------------------------------------
Content-Type: application/x-unknown;
name="smbcrack.c"
Content-Transfer-Encoding: base64
Content-Description: smbcrack.c
----------------------------------------

-- 
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc



