-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

H D Moore wrote:
> Ah, did you test Metasploit's HTTP-to-SMB attack? More than likely the 
> same method works (Grutz did some work on that), we just need to implement 
> the HTTP server side (or merge Grutz's patches in).
> 
> -HD
> 
> 
> On Monday 22 December 2008, ArcSighter Elite wrote:
>> I don't know yet what the truly difference is in here. But the fact is
>> what I've posted successfully works against XP SP(2|3) Spanish. We of
>> course need more testing, but I already known some people qualify what
>> smb_relay does as SMB to SMB attack; and what I'm doing here is some
>> sort of HTTP to SMB attack; in where the NTLM negotation is requested
>> by the (fake) web server with 401 + WWW-Authenticate: NTLM. Then the
>> client sends me his authorization field in the NTLM-Authorization
>> field. It's a little of browser based. Of course after that, we got SMB
>> traffic but who cares?
> 
> 
> _______________________________________________
> Framework-Hackers mailing list
> Framework-Hackers@spool.metasploit.com
> http://spool.metasploit.com/mailman/listinfo/framework-hackers
> 

No, I haven't tested that in such a way. In fact I should check
metasploit's diffs more often instead of updating :D I already told you.
Metasploit's tests only performed in the SMB-SMB attack. You have to use
UNC or network browsing; Also, the metasploit module is using 139. I'm a
bit loss in here. Such a thing exists?
I'll do some more tests to get some more basis in the meantime, but I
think you agree the results are worth the pain.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJUAPJH+KgkfcIQ8cRAtSfAKCsnd/s/YczTrTl//Gcj3AlSPUCDACgvhVD
4rA2TElt/kzdqwdAqG/RsDs=
=A+jy
-----END PGP SIGNATURE-----
_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers

Reply via email to