Metasploit mailing list archives
MS08-067 Authentication against NTLMv2
From: one.miguel at gmail.com (Juan Miguel Paredes)
Date: Mon, 10 Nov 2008 11:25:56 +0100
Sorry, just a quick update. It turns out it was NOT the NTLMv2, it was the following settings (set by GPO or baseline):

Disabled Computer Browser Service

In gpedit.msc: Computer Config/Windows Settings/Security Settings/Local Policies/Security Options
Setting: Network Access: Named Pipes that can be accessed anonymously (remove "browser")

Thanks and sorry for the confusion.

On Mon, Nov 10, 2008 at 10:23 AM, Juan Miguel Paredes <one.miguel at gmail.com> wrote:

> Hi,
>
> We are testing the MS08-067 module in our environment and found that it does not work against production systems which are forcing NTLMv2 authentication. I've tested against a system where the authentication has not been forced and it works against that.
>
> Looking at the packets and the responses, after the NULL authentication attempt, I get "ACCESS_DENIED". Is there a way to enable NTLMv2 authentication in the module? I've confirmed that I can manually connect to the production system with a NULL session outside of the framework (using net use).
>
> Alternatively, can the framework use an existing connection (i.e. net use \\10.0.0.1\ipc$ "" /U:"") and just send the 'sploit code that way?
>
> Thanks.
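A read-only way to check a host for the two baseline settings named in the message above, added here as an example and not part of the original thread. It assumes the "Named Pipes that can be accessed anonymously" policy is stored in the LanmanServer `NullSessionPipes` registry value and that the Computer Browser service has the short name `Browser`; the function names are hypothetical.

```powershell
# Added example: read-only audit of the two settings named in the message above.
# Assumption (not from the thread): the anonymous named-pipe policy is backed by
# the LanmanServer NullSessionPipes value (REG_MULTI_SZ).

function Get-BrowserServiceState {
    # The Computer Browser service may be absent on newer Windows builds.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Browser'"
    if (-not $svc) {
        return [pscustomobject]@{ Present = $false; StartMode = 'NotInstalled'; State = 'NotInstalled' }
    }
    [pscustomobject]@{ Present = $true; StartMode = $svc.StartMode; State = $svc.State }
}

function Get-AnonymousPipes {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $item = Get-ItemProperty -Path $key -Name NullSessionPipes -ErrorAction SilentlyContinue
    # REG_MULTI_SZ is returned as string[]; drop empty entries.
    $item.NullSessionPipes | Where-Object { $_ }
}

function Test-BrowserPipeBaseline {
    param($Service, [string[]]$Pipes)
    if ($Service.Present -and $Service.StartMode -ne 'Disabled') {
        "Computer Browser service is not disabled (start mode $($Service.StartMode), state $($Service.State))"
    }
    # -contains is case-insensitive, so "BROWSER" and "browser" both match.
    if ($Pipes -contains 'browser') {
        'Anonymous named-pipe list still contains "browser"'
    }
}

$svc      = Get-BrowserServiceState
$pipes    = @(Get-AnonymousPipes)
$findings = @(Test-BrowserPipeBaseline -Service $svc -Pipes $pipes)

if ($pipes.Count) { "Anonymous pipes: $($pipes -join ', ')" } else { 'Anonymous pipes: (none)' }
if ($findings.Count) {
    $findings | ForEach-Object { "FINDING: $_" }
} else {
    'OK: both settings match the baseline described in the message'
}
```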