[framework] SMB_RELAY
Kurt Grutzmacher
grutz at jingojango.net
Sun Mar 9 03:08:25 CDT 2008
I've done the work to get NTLM Type-message processing into MSF. At this time
there aren't any exploits within MSF that use the library; I just referenced
it from some external Ruby code I wrote, but we should be able to integrate
client-side NTLM-over-HTTP fairly easily for server attacks that may require
authorization. I just haven't put it on the top of my list yet.
http://grutz.jingojango.net/exploits/pokehashball.html has some of the
information along with two exploits (hash grabber and HTTP-to-POP3 proxy
exploit).
If anyone wants to work on implementing any exploits, let me know and I'll
work with you.
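For readers who have not looked at the "Type messages" Kurt refers to: NTLM authentication is three messages. The client sends a Type 1 (NEGOTIATE), the server answers with a Type 2 (CHALLENGE) carrying an 8-byte server challenge and its negotiated flags, and the client finishes with a Type 3 (AUTHENTICATE) carrying the LM/NT responses computed from that challenge plus the domain, user and workstation names. An SMB/HTTP relay lives on exactly this exchange: it takes the Type 2 from the real target and hands it to the victim, then forwards the victim's Type 3 back to the target. The following is an added example, not Kurt's MSF code or the pokehashball tool, that parses Type 2 and Type 3 messages as they appear base64-encoded in an HTTP `WWW-Authenticate: NTLM …` / `Authorization: NTLM …` header. Field offsets follow the NTLMSSP wire layout; the target name `CORP`, user `alice`, workstation `WS01`, the challenge bytes and the filler LM/NT responses are constructed sample values, not a real capture.

```ruby
# Added example: minimal NTLMSSP Type 2 / Type 3 parsing for an HTTP NTLM relay.
# Not Kurt Grutzmacher's library or MSF code; sample values below are constructed.
require 'base64'

NTLMSSP_SIGNATURE = "NTLMSSP\x00".b
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_OEM     = 0x00000002
NEGOTIATE_NTLM    = 0x00000200

# A "security buffer" is 8 bytes: u16 length, u16 max length, u32 offset (little-endian),
# describing a field stored in the variable-length payload after the fixed header.
def read_buffer(msg, at)
  len, _max, off = msg[at, 8].unpack('vvV')
  raise "security buffer at #{at} points outside the message" if off + len > msg.bytesize
  msg[off, len]
end

# Strings are UTF-16LE when NEGOTIATE_UNICODE was agreed, otherwise OEM (8-bit).
def decode_string(bytes, flags)
  return bytes.force_encoding('BINARY') if (flags & NEGOTIATE_UNICODE).zero?
  bytes.force_encoding('UTF-16LE').encode('UTF-8')
end

def message_type(raw)
  raise 'not an NTLMSSP message' unless raw.bytesize >= 12 && raw[0, 8] == NTLMSSP_SIGNATURE
  raw[8, 4].unpack1('V')
end

# Pull the base64 token out of a "WWW-Authenticate: NTLM <token>" or
# "Authorization: NTLM <token>" header value.
def ntlm_token(header_value)
  m = header_value.match(%r{\ANTLM\s+([A-Za-z0-9+/=]+)\z})
  raise 'header does not carry an NTLM token' unless m
  Base64.strict_decode64(m[1])
end

# Type 2 (CHALLENGE), sent by the server. A relay takes this message from the
# target server and hands it to the victim unchanged, so the victim's Type 3
# answers the target's challenge rather than one the relay invented.
def parse_type2(raw)
  raise 'not a Type 2 message' unless message_type(raw) == 2
  raise 'Type 2 message too short' if raw.bytesize < 32
  flags = raw[20, 4].unpack1('V')
  {
    flags: flags,
    target_name: decode_string(read_buffer(raw, 12), flags),
    challenge: raw[24, 8].unpack1('H*'),
    # TargetInfo (AV_PAIRs) only exists in the longer header variant.
    target_info: raw.bytesize >= 48 ? read_buffer(raw, 40) : ''.b,
  }
end

# Type 3 (AUTHENTICATE), sent by the client: LM/NT responses to the challenge plus identity.
# For a hash grabber these fields, with the challenge from the Type 2, are what gets logged.
def parse_type3(raw)
  raise 'not a Type 3 message' unless message_type(raw) == 3
  raise 'Type 3 message too short' if raw.bytesize < 64
  flags = raw[60, 4].unpack1('V')
  {
    flags: flags,
    lm_response: read_buffer(raw, 12).unpack1('H*'),
    nt_response: read_buffer(raw, 20).unpack1('H*'),
    domain: decode_string(read_buffer(raw, 28), flags),
    user: decode_string(read_buffer(raw, 36), flags),
    workstation: decode_string(read_buffer(raw, 44), flags),
  }
end

# --- constructed sample messages (assumed values, used only for the demo and test) ---

def build_type2(target, challenge, flags)
  raise 'challenge must be 8 bytes' unless challenge.bytesize == 8
  name = target.encode('UTF-16LE').b
  [
    NTLMSSP_SIGNATURE, [2].pack('V'),
    [name.bytesize, name.bytesize, 56].pack('vvV'), # TargetName lives at payload offset 56
    [flags].pack('V'), challenge.b, "\x00".b * 8,    # flags, ServerChallenge, Reserved
    [0, 0, 56 + name.bytesize].pack('vvV'),          # empty TargetInfo
    "\x00".b * 8,                                    # Version
    name,
  ].join.b
end

def build_type3(domain:, user:, workstation:, lm_resp:, nt_resp:, flags:)
  utf16 = ->(s) { s.encode('UTF-16LE').b }
  fields = [lm_resp.b, nt_resp.b, utf16[domain], utf16[user], utf16[workstation], ''.b]
  offset = 88 # fixed header: 12 + 6 buffers * 8 + flags(4) + version(8) + MIC(16)
  buffers = fields.map do |f|
    buf = [f.bytesize, f.bytesize, offset].pack('vvV')
    offset += f.bytesize
    buf
  end
  [NTLMSSP_SIGNATURE, [3].pack('V'), buffers.join, [flags].pack('V'),
   "\x00".b * 8, "\x00".b * 16, fields.join].join.b
end

if $PROGRAM_NAME == __FILE__
  flags = NEGOTIATE_UNICODE | NEGOTIATE_NTLM
  server_challenge = ['0123456789abcdef'].pack('H*') # constructed, not a real challenge
  header = 'NTLM ' + Base64.strict_encode64(build_type2('CORP', server_challenge, flags))
  p parse_type2(ntlm_token(header))
  type3 = build_type3(domain: 'CORP', user: 'alice', workstation: 'WS01',
                      lm_resp: "\x00".b * 24, nt_resp: "\xab".b * 24, flags: flags)
  p parse_type3(type3)
end
```

The builders exist only to produce sample input; the LM/NT responses they embed are filler bytes, not values computed from the challenge, so nothing here authenticates. The point is where the relay-relevant fields sit: the 8-byte challenge and flags in the Type 2, the NT response and user/domain in the Type 3. Note the bounds check in `read_buffer`: security buffer offsets come from the peer, and a message from a hostile client or server can point them past the end of the buffer.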
2008/3/7 natronicus <natronicus at gmail.com>:
> Is there a particular reason you're trying to use Windows for this one? I
> tried to mess with implementing NTLM-over-HTTP / Windows Integrated Auth a
> few months back, but got frustrated learning Ruby and it hit the
> projects-to-finish-later pile. I recently saw HD mention in another
> thread that someone was working on this problem, but it sounded like they may be
> focused on other items first (NTLMv2, for example).
>
> In any event, until the HTTP version is implemented, you're always going
> to have problems getting it to work on Windows, because Windows is
> incredibly greedy about those particular ports. Why not use a Linux image
> in VMWare instead? If your network will allow 2 IPs for 1 MAC address,
> there's no reason why you can't use it under (e.g.) Backtrack and still
> have access to whatever you need Windows for.
>
> Just a thought,
> N
>
> 2008/3/7 Karlsson Anders <Anders.Karlsson at atea.com>:
>
> > And it is really hard to use port 445. I needed to disable almost every
> > service and binding on my XP machine. After that I can not use the machine
> > to connect to the server with old plain "net use", so I do not think using
> > port 445 is the right way...
> >
> > /A
> >
> > _______________________________________________
> > http://spool.metasploit.com/mailman/listinfo/framework