ArcSighter Elite wrote:
> H D Moore wrote:
>> On Monday 22 December 2008, ArcSighter Elite wrote:
>>> I came this morning with something. The MS08-67 patch when challenge
>>> keys couldn't be replayed, affects also the other variants of the
>>> attack, such as http 401 + WWW-Authenticate: NTLM, and the IMAP, POP
>>> and SMTP versions?
>> Supposedly it affects any component that initializes the security
>> negotiation the "right" way, but only during a direct reflection attack.
>> You can still relay to a third-party host regardless of protocol.
>
>> -HD
>
>> _______________________________________________
>> Framework-Hackers mailing list
>> Framework-Hackers@spool.metasploit.com
>> http://spool.metasploit.com/mailman/listinfo/framework-hackers
>
> Well, this is how we go.
>
> Before MS08-067:
>
> Windows XP SP2 Spanish:
> I totally owned. HTTP-based. No user intervention. No nothing. KIS2009
> doesn't block (find-socket).
> I totally owned SMB-SMB attack, UNC share.
>
> After MS08-067:
> I owned too! But this time I got a prompt asking for username and
> password; I mean, It doesn't automatically authenticate.
> The SMB-SMB attack doesn't spawn my shell.
>
> Tell me what you think to proceed to XP SP3; although I think I will get
> the same results.
>
Sorry about the typo; it is MS08-068 that I've applied, not MS08-067-netapi. It's the right patch, and the results are above.