Re: Win9x netbios pass verif. exploit for unix

[Dragos Ruiu <dr () kyx net>]

Floating around more than a year ago there was a small (40-60 line from memory)
patch to samba/smbclient that utilizes the same flaw to erm... remove the
needless bother of passwords on wintendo shares nearly instantly, all in 
one nice bundle to also access the data you need.  

I'm sorry but some sort of shortcoming in my, oh so careful, 
chronological by depth :-), exploit filing system precludes my 
finding it right now, but you ought to be able to recreate it 
fairly readily without too much work...

If anyone is _still_ relying on share passwords on old WIndows versions
for _any_ sort of security, short of keeping very casual users out until
they spend a few minutes trying, they are making a mistake.

This has been around for a while, long enough for me to lose the sploit
apparently.... so if you still are vulnerable to this in this day and age on
any data of real significance, your security plan really needs erm.... forklift
upgrades, imho.

cheers,
--dr

P.s.  I think nessus has some good code for this too that can be used as an
example, if you're looking...

On Sun, 01 Jul 2001, Extirpater wrote:
> attachment...
>
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail
> http://personal.mail.yahoo.com/

----------------------------------------
Content-Type: application/x-unknown; name="smbcrack.c"
Content-Transfer-Encoding: base64
Content-Description: smbcrack.c
----------------------------------------

-- 
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc