Re: smb_sniffer and browser autopwn

[Richard Miles <richard.k.miles () googlemail com>]

Hi

It's wired, on my case I never get the real auth packets. I'm just
curious about the insides what mean exactly this null auth packets...

Thanks

On Tue, Aug 17, 2010 at 5:04 AM, Kurt Grutzmacher <grutz () jingojango net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 8/16/10 9:56 PM, Richard Miles wrote:
> > No one?
> >
> > On Sun, Aug 15, 2010 at 4:07 PM, Richard Miles
> > <richard.k.miles () googlemail com> wrote:
> > > Hi
> > >
> > > I was using smb_sniffer module and I see a few times a few connections like this
> > >
> > > New Connection from 10.1.1.3
> > > Fir Aug 15 09:10:45 2010        10.1.1.3        1122334455667788
> > >  00        0000000000000000000000000000000000000000000000000
> > > Windows Server 2003 R2 3790 Service Pack 2
>
> Hey Richard,
>
> I have seen this before but didn't really pay much attention to it,
> assuming it was Windows just doing some funky mojo as it is wont to do.
> You passed it a valid challenge request and it's decided to not do
> anything with it, returning all nulls. Usually the real auth packet
> arrives shortly thereafter.
>
> - ---
>  grutz () jingojango net
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxqXpYACgkQ7JUqA4yz7LTtvgCfRTVWG4+Jj7z75LPwwTdT6L2p
> ToIAnjtQGzkHrXdUa+QMRVAjfQMbNwKg
> =U8u8
> -----END PGP SIGNATURE-----
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework