http://pr0n.newhackcity.net/~sd/smbrelay.html Smbrelay is a program that receives a connection on port 139, connects back to the connecting computer's port 139, and relays the packets between the client and server of the connecting Windows machine, making modifications to these packets when necessary. After connecting and authenticating it disconnects the target's client and binds to port 139 on a new IP address. This IP address (the relay address) can then be connected to directly from windows using "net use \\192.1.1.1" and then used by all of the networking built into Windows. It relays all the SMB traffic, except for the negotiation and authentication. You can disconnect from and reconnect to this virtual IP as long as the target host stays connected. SMBRelay is multi-threaded and handles multiple connections simultaneously. It will create new IP addresses sequentially, removing them when the target host disconnects. It will not allow the same IP address to connect twice, unless a successful connection to that target was achieved and disconnected. If this happens, it may use the same same relay address again for another connection. SMBRelay collects the NTLM password hashes transmitted and writes them to hashes.txt in a format usable by L0phtcrack so the passwords can be cracked later. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 09:49:56 PDT