Ah, did you test Metasploit's HTTP-to-SMB attack? More than likely the same method works (Grutz did some work on that), we just need to implement the HTTP server side (or merge Grutz's patches in).
-HD On Monday 22 December 2008, ArcSighter Elite wrote: > I don't know yet what the truly difference is in here. But the fact is > what I've posted successfully works against XP SP(2|3) Spanish. We of > course need more testing, but I already known some people qualify what > smb_relay does as SMB to SMB attack; and what I'm doing here is some > sort of HTTP to SMB attack; in where the NTLM negotation is requested > by the (fake) web server with 401 + WWW-Authenticate: NTLM. Then the > client sends me his authorization field in the NTLM-Authorization > field. It's a little of browser based. Of course after that, we got SMB > traffic but who cares? _______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers