ms04_031_netdde

[mmiller at hick.org (mmiller at hick.org)]

Jerome / Alex,

On Wed, Feb 28, 2007 at 06:44:02AM +0100, Jerome Athias wrote:
> btw, i don't really understand your main goal in all your recent mails...
> Do you actually want to completely test all modules of the actual 
> version of the msf? (if so, -good luck-, and remember that a new version 
> is coming... remember also that a specific application is now open to 
> report bugs http://metasploit.com/dev/trac/newticket )
> Do you test exploits with the msf for learning purposes? (if so, i would 
> recommend to spend more time with quite recent sploits than with 
> "jurassic" ones. furthermore, you should try to use your ruby skills to 
> edit the modules and use the documentation to have a better 
> understanding of things)

Alex has made contributions to the project in one form or another off
and on for the past few years.  He's actually been catching quite a few
bugs recently in 3.0, many of which he's provided patches for, and we
definitely appreciate that :)  I don't think it's worth worrying about
what his purposes are in testing/flushing out exploits.  One of the main
goals of the project is to provide reliable exploits, so any report we
get of one failing is worth some degree of investigation.

> Sorry to, actually, don't help you much with your specific problem.
> Did you trace the things with wireshark or so?...

I'm not familiar with this bug either, but I can say that we recently
moved SMBUSER and SMBPASS to advanced options in 3.0 since they are
rarely used.  This is why they don't show up in the exploit's options.
HD may be able to comment more on the specific issues regarding access
denied.