Metasploit mailing list archives
SMB_RELAY DEMO (Defcon)
From: sigtrap at sigtrap.org (sigtrap)
Date: Mon, 24 Sep 2007 18:24:38 +0200
Hi, Does the user have a password? Mirroring can't be done without a user password. Check the client firewall and the server service so the next step goes without any hiccups. //sigtrap -----Original Message----- From: scotty to hotty <j_fast_and_the_furious at hotmail.com> To: <framework at metasploit.com> Date: Mon, 24 Sep 2007 16:13:31 +0000 Subject: [framework] SMB_RELAY DEMO (Defcon)
Hi everyone, I'm having some problems replicating the demo shown at defcon by HD Moore. I'm not having problems setting everything up. Theres only a problem when victim sends cridentials (username and NTLM hash). i set everything up right. nmbd showing WPAD as my netbios name, Apache hosting wpad.dat (with my ip) and the two msf3 services needed (sox proxy, and smb_relay using bind_tcp payload). Everything seems to go as planned until the victim sends me the username and hash. It tells me that the username and hash provided are for a guest account. i know their for admin account because i set the box up. Would the problem be in the fact that im exploiting a french xp? (i dont really think so). anyways i made sure everything is set up correctly, just want to know why its giving me this problem. _________________________________________________________________ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBR E
Current thread:
- SMB_RELAY DEMO (Defcon) scotty to hotty (Sep 24)
- SMB_RELAY DEMO (Defcon) sigtrap (Sep 24)
- SMB_RELAY DEMO (Defcon) scotty to hotty (Sep 24)
- SMB_RELAY DEMO (Defcon) Thierry Zoller (Sep 24)
- SMB_RELAY DEMO (Defcon) H D Moore (Sep 24)
- SMB_RELAY DEMO (Defcon) scotty to hotty (Sep 24)