Metasploit mailing list archives

MS08-067 Authentication against NTLMv2


From: one.miguel at gmail.com (Juan Miguel Paredes)
Date: Mon, 10 Nov 2008 19:28:02 +0100

The problem is like you stated.  A secure configuration would not have
either accessible by anonymous users.  On workstations on a domain,
the BROWSER service may even be turned off completely.  Lastly, in my
testing of baselined systems, there is also "buffer overflow"
detection that thwarts attempts (McAfee in my case).  It definitely
works as long as either the BROWSER or SRVSVC named pipe is enabled
and accessible by anonymous users (and the BO detection is turned
off).

On Mon, Nov 10, 2008 at 5:18 PM, Ron <ron at skullsecurity.net> wrote:

There are two ways to test this, either through "BROWSER" or "SRVSVC".
Metasploit uses "BROWSER" by default (and, in my testing, it works on
more systems by default), but you can change it with the SMBPIPE
variable ("set SMBPIPE SRVSVC"). If you get the same problem for both
BROWSER and SRVSVC, then you're probably out of luck testing this
anonymously.
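One way to act on the advice above, as an added example that is not part of either message: a Metasploit resource script that runs the module's check against the same host once per named pipe, so a single run tells you whether BROWSER, SRVSVC, or neither is reachable anonymously. The target address 192.0.2.10 is a placeholder from the documentation range, and the module name exploit/windows/smb/ms08_067_netapi and its SMBPIPE option are assumed to match the Metasploit version in use; nothing here bypasses host-based buffer-overflow protection such as the McAfee detection mentioned in the reply.

```text
# ms08-067_pipes.rc: run with "msfconsole -r ms08-067_pipes.rc"
# Added example, not from the original thread. RHOST is a placeholder.
use exploit/windows/smb/ms08_067_netapi
set RHOST 192.0.2.10

# Metasploit's default pipe (works on more systems per the thread)
set SMBPIPE BROWSER
check

# Fallback pipe for hosts where the Browser service is disabled
set SMBPIPE SRVSVC
check

# If both checks fail to reach the pipe, anonymous testing is not
# possible on this host; obtain credentials or move on.
exit
```

Read the output of each check separately: a failure on BROWSER alone usually means the Browser service is off (common on domain workstations), while a failure on both pipes points to anonymous access being denied entirely.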
