SMB_RELAY DEMO (Defcon)

[sigtrap at sigtrap.org (sigtrap)]

Hi,
Does the user have a password? Mirroring can't be done without a user
password. Check the client firewall and the server service so the next
step goes without any hiccups.
//sigtrap

-----Original Message-----
From: scotty to hotty <j_fast_and_the_furious at hotmail.com>
To: <framework at metasploit.com>
Date: Mon, 24 Sep 2007 16:13:31 +0000
Subject: [framework] SMB_RELAY DEMO (Defcon)

> Hi everyone, I'm having some problems replicating the demo shown at
> defcon by HD Moore. I'm not having problems setting everything up.
> Theres only a problem when victim sends cridentials (username and NTLM
> hash). i set everything up right. nmbd showing WPAD as my netbios name,
> Apache hosting wpad.dat (with my ip) and the two msf3 services needed
> (sox proxy, and smb_relay using bind_tcp payload). Everything seems to
> go as planned until the victim sends me the username and hash. It tells
> me that the username and hash provided are for a guest account. i know
> their for admin account because i set the box up. Would the problem be
> in the fact that im exploiting a french xp? (i dont really think so).
> anyways i made sure everything is set up correctly, just want to know
> why its giving me this problem.
> _________________________________________________________________
> Explore the seven wonders of the world
> http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBR
> E