H D Moore wrote:
> Ah, did you test Metasploit's HTTP-to-SMB attack? More than likely the
> same method works (Grutz did some work on that), we just need to implement
> the HTTP server side (or merge Grutz's patches in).
>
> -HD
>
>
> On Monday 22 December 2008, ArcSighter Elite wrote:
>> I don't know yet what the true difference is here. But the fact is
>> what I've posted successfully works against XP SP(2|3) Spanish. We of
>> course need more testing, but I already know some people qualify what
>> smb_relay does as SMB to SMB attack; and what I'm doing here is some
>> sort of HTTP to SMB attack, where the NTLM negotiation is requested
>> by the (fake) web server with 401 + WWW-Authenticate: NTLM. Then the
>> client sends me his authorization field in the NTLM-Authorization
>> field. It's a little bit browser based. Of course after that, we got SMB
>> traffic but who cares?
>
>
> _______________________________________________
> Framework-Hackers mailing list
> Framework-Hackers@spool.metasploit.com
> http://spool.metasploit.com/mailman/listinfo/framework-hackers
>

No, I haven't tested that in such a way. In fact I should check Metasploit's diffs more often instead of updating :D

I already told you. Metasploit's tests were only performed in the SMB-SMB attack. You have to use UNC or network browsing; also, the Metasploit module is using 139.

I'm a bit lost here. Does such a thing exist?

I'll do some more tests to get some more basis in the meantime, but I think you agree the results are worth the pain.
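A defensive counterpart to the exchange described in the quoted message (a web server answering 401 with WWW-Authenticate: NTLM and the browser replying with NTLM data), as an added example that is not part of the original e-mails: it decodes the NTLMSSP message type from HTTP auth header values and flags NTLM exchanges with hosts outside a trusted suffix list. The record layout, host names and suffix list are assumptions, and the sample records are constructed.

```python
import base64
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
TRUSTED_SUFFIXES = (".corp.example",)  # assumption: hosts allowed to request NTLM

def ntlm_message_type(header_value):
    """Classify a WWW-Authenticate / Authorization value; None if not NTLM."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None
    if not token.strip():
        return "OFFER"  # bare "NTLM" on the first 401, no token yet
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    # The 32-bit little-endian message type follows the 8-byte signature.
    return NTLM_TYPES.get(struct.unpack_from("<I", raw, 8)[0])

def find_untrusted_ntlm(records):
    """Return (client, host, reason) for NTLM seen with untrusted HTTP hosts."""
    alerts = []
    for client, host, status, www_auth, authz in records:
        if host.lower().endswith(TRUSTED_SUFFIXES):
            continue
        if status == 401 and ntlm_message_type(www_auth) in ("OFFER", "CHALLENGE"):
            alerts.append((client, host, "server requested NTLM"))
        if ntlm_message_type(authz) == "AUTHENTICATE":
            alerts.append((client, host, "client sent NTLM response"))
    return alerts

def sample_token(msg_type):
    """Constructed NTLMSSP token: signature, type, zero padding (no real data)."""
    body = b"NTLMSSP\x00" + struct.pack("<I", msg_type) + b"\x00" * 20
    return base64.b64encode(body).decode()

# Constructed proxy records: (client, host, status, WWW-Authenticate, Authorization)
SAMPLE = [
    ("10.0.0.5", "intranet.corp.example", 401, "NTLM", ""),
    ("10.0.0.7", "files.untrusted.example", 401, "NTLM", ""),
    ("10.0.0.7", "files.untrusted.example", 401,
     "NTLM " + sample_token(2), "NTLM " + sample_token(1)),
    ("10.0.0.7", "files.untrusted.example", 200, "", "NTLM " + sample_token(3)),
]

if __name__ == "__main__":
    for alert in find_untrusted_ntlm(SAMPLE):
        print(alert)
```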