In light of Simple Nomad's post regarding the dvwssr.dll overflow:

> Date: Mon, 17 Apr 2000 16:06:37 -0500
> From: Simple Nomad <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
>
> BindView RAZOR Team Analysis of DVWSSR.DLL Risks

[snip]

>
>
> 5. In theory if you can get the hash of a user with the access, you can
> exploit the buffer overflow. This is called "passing the hash", and
> essentially means that you use the hash without cracking the password to
> authenticate to the target server. See
> http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9704&L=NTBUGTRAQ&P=R2734&D=0
> for details from RAZOR's Paul Ashton on the basis for this technique. This
> technique is currently one of the stars of Foundstone's "Hacking Exposed:
> Live" presentations being put on by George Kurtz and Eric Schultze at
> security shows around the globe. Certainly in theory this could be adapted
> to this exploit.

The details of the above 'technique' are described in Hernan Ochoa's
paper published in the Guest Feature Forum at Security Focus:

<http://www.securityfocus.com/templates/forum_message.html?forum=2&head=1512&id=1512>

(warning: the URL might be wrapped by your viewer)

It is also available at our site:

<http://www.core-sdi.com/papers/NTcred.html>

-ivan

--
"Understanding. A cerebral secretion that enables one having it to know
a house from a horse by the roof on the house. Its nature and laws have
been exhaustively expounded by Locke, who rode a house, and Kant, who
lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
email : [EMAIL PROTECTED]
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.
Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use [EMAIL PROTECTED]
