Metasploit mailing list archives

SMB_RELAY


From: grutz at jingojango.net (Kurt Grutzmacher)
Date: Sun, 9 Mar 2008 00:08:25 -0800

I've done the work to get NTLM Type-message processing into MSF. At this time
there aren't any exploits within MSF that use the library, I just referenced
it from some external ruby code I wrote but we should be able to integrate
client-side NTLM-over-HTTP fairly easily for server attacks that may require
authorization. I just haven't put it on the top of my list yet.

http://grutz.jingojango.net/exploits/pokehashball.html has some of the
information along with two exploits (hash grabber and HTTP-to-POP3 proxy
exploit).

If anyone wants to work on implementing any exploits, let me know and I'll
work with you.


2008/3/7 natronicus <natronicus at gmail.com>:

Is there a particular reason you're trying to use Windows for this one?  I
tried to mess with implementing NTLM-over-HTTP / Windows Integrated Auth a
few months back, but got frustrated learning Ruby and it hit the
projects-to-finish-later pile.  I recently saw HD mention in another
thread that someone was working on this problem, but it sounded like they may be
focused on other items first (NTLMv2, for example).

In any event, until the HTTP version is implemented, you're always going
to have problems getting it to work on Windows, because Windows is
incredibly greedy about those particular ports.  Why not use a Linux image
in VMware instead?  If your network will allow 2 IPs for 1 MAC address,
there's no reason why you can't use it under (e.g.) Backtrack and still
have access to whatever you need Windows for.

Just a thought,
N

2008/3/7 Karlsson Anders <Anders.Karlsson at atea.com>:

And it is really hard to use port 445. I needed to disable almost every
service and binding in my XP machine. After that I cannot use the machine
to connect to the server with old plain "net use", so I do not think using
port 445 is the right way...

/A

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework





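Kurt's message at the top of this thread refers to NTLM Type-message processing for client-side NTLM-over-HTTP. As an added illustration, not code from Kurt's library or from Metasploit, the Ruby below decodes the Type 2 challenge a server returns in a WWW-Authenticate header, which is the step any client-side implementation has to perform before it can answer; the flag constants follow MS-NLMP, and the sample header is constructed here rather than captured from any server.

```ruby
require 'base64'

NTLMSSP_SIGNATURE = "NTLMSSP\0".b

# Negotiate-flag bits as defined in MS-NLMP (only the ones this example uses).
NEGOTIATE_UNICODE     = 0x00000001
NEGOTIATE_NTLM        = 0x00000200
NEGOTIATE_TARGET_INFO = 0x00800000

# A "security buffer" is uint16 length, uint16 max length, uint32 offset into the message.
def read_secbuf(msg, at)
  len, _max, off = msg[at, 8].unpack('vvV')
  msg[off, len]
end

# Type 2 (challenge) layout: signature(8) type(4) target-name secbuf(8) flags(4)
# server challenge(8) reserved(8) target-info secbuf(8) ... payload.
def parse_type2(m)
  flags = m[20, 4].unpack1('V')
  name  = read_secbuf(m, 12)
  name  = name.force_encoding('UTF-16LE').encode('UTF-8') if (flags & NEGOTIATE_UNICODE) != 0
  { type: 2, target_name: name, flags: flags, challenge_hex: m[24, 8].unpack1('H*') }
end

# Dispatch on the NTLMSSP header that Type 1, 2 and 3 messages all share.
def parse_ntlm_message(raw)
  m = raw.b
  raise ArgumentError, 'not an NTLMSSP message' unless m[0, 8] == NTLMSSP_SIGNATURE
  type = m[8, 4].unpack1('V')
  return parse_type2(m) if type == 2
  { type: type } # Type 1 and Type 3 are recognised by header only in this example
end

# HTTP side: "WWW-Authenticate: NTLM <base64 Type 2>" carries the challenge.
def parse_www_authenticate(value)
  scheme, token = value.split(' ', 2)
  raise ArgumentError, 'not an NTLM challenge header' unless scheme == 'NTLM' && token
  parse_ntlm_message(Base64.strict_decode64(token))
end

# Builder for a minimal Type 2, used only to construct the sample below.
def build_type2(target_name, challenge, flags)
  name = target_name.encode('UTF-16LE').b
  NTLMSSP_SIGNATURE + [2].pack('V') + [name.bytesize, name.bytesize, 48].pack('vvV') +
    [flags].pack('V') + challenge.b + ("\0" * 8).b + [0, 0, 48 + name.bytesize].pack('vvV') + name
end

# Constructed sample header (hypothetical domain and challenge, not from a real server).
SAMPLE_CHALLENGE = "\x01\x23\x45\x67\x89\xab\xcd\xef".b
SAMPLE_HEADER = 'NTLM ' + Base64.strict_encode64(
  build_type2('EXAMPLEDOM', SAMPLE_CHALLENGE, NEGOTIATE_UNICODE | NEGOTIATE_NTLM | NEGOTIATE_TARGET_INFO))
```

A real client would answer with a Type 3 built from this challenge; a server-side handler for the Type 1/Type 3 leg follows the same header-plus-security-buffer pattern.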

