Ahh, that is correct, capitals do count when using the command line net use. Although authenticating with the Network browser does not. Also one thing I've encountered a lot is after you authenticate to one host, then attempt to authenticate to another you get "conflicting credentials." To fix this (without rebooting) in 2k just go to Administrative Tools -> Services -> Workstation and restart the service. This will kill computer browser as well. But hey it's better than rebooting. Just thought I'd share.

blue

Be careful, after I did this a couple of times rather quickly, it completely bombed my computer browser service and I couldn't get it back up without a reboot. But if you take your time it works quite well.

On Thu, 01 Nov 2001 13:36:15 -0500 Windex King <WindexKing@mor-lan-d.com> wrote:
>Ian,
>
>I have tested a hunch I had about this and I
>believe this is the answer you're looking for.
>
>Attacking machine: NT 4.0 SP6a
>Attacked machine: W2K no SP
>
>First I confirmed the administrator password
>on the to be attacked machine.
>
>C:\>net user administrator "WindexKing"
>The command completed successfully.
>
>** Note: pwd contains capital letters W and K **
>
>Then I attacked using NAT.exe
>
>C:\>nat -o WindexKing.log -u administrator.txt -p WindexKing.pwd 192.168.68.33
>[*]--- Reading usernames from administrator.txt
>[*]--- Reading passwords from WindexKing.pwd
>
>[*]--- Checking host: 192.168.68.33
>[*]--- Obtaining list of remote NetBIOS names
>
>[*]--- Attempting to connect with name: *
>[*]--- Unable to connect
>
>[*]--- Attempting to connect with name: *SMBSERVER
>[*]--- CONNECTED with name: *SMBSERVER
>[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
>[*]--- Server time is Thu Nov 01 07:49:30 2001
>[*]--- Timezone is UTC-5.0
>[*]--- Remote server wants us to encrypt, telling it not to
>
>[*]--- Attempting to connect with name: *SMBSERVER
>[*]--- CONNECTED with name: *SMBSERVER
>[*]--- Attempting to establish session
>[*]--- Was not able to establish session with no password
>[*]--- Attempting to connect with Username: `AdminIstrator' Password: `foo'
>[*]--- Attempting to connect with Username: `AdminIstrator' Password: `bar'
>[*]--- Attempting to connect with Username: `AdminIstrator' Password: `windexking'
>[*]--- CONNECTED: Username: `AdminIstrator' Password: `windexking'
>
>Now I tried to use the password found by NAT.exe via net.exe
>
>c:\>net use * \\192.168.68.33\c$ "windexking" /u:administrator
>System error 1326 has occurred.
>
>Logon failure: unknown user name or bad password.
>
>
>c:\>net use * \\192.168.68.33\c$ "WindexKing" /u:administrator
>Drive E: is now connected to \\192.168.68.33\c$.
>
>The command completed successfully.
>
>
>My conclusion:
>
>NAT.exe is forcing LANMAN only authentication and therefore the
>letters taken from the supplied wordlist are converted to uppercase
>as LANMAN expects.
>
>NAT.exe doesn't tell you that (other than the "Attempting to connect
>with protocol: MICROSOFT NETWORKS 1.03" line) and simply reports the
>word from the wordlist which worked as it is presented in the wordlist.
>
>You can find a Cygwin compiled version of the SAMBA SMBclient at:
>http://www.hoobie.net/tools/index.html
>
>W K
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
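
Added example, not part of the original messages or of any tool mentioned in them: a Python sketch of the password preprocessing LANMAN performs (uppercase, pad to 14 bytes, split into two 7-byte halves, expand each half into an 8-byte DES key), which shows why a server that still accepts LANMAN responses treats "windexking" and "WindexKing" as the same secret. It stops before the DES encryption step; the function names are hypothetical and ASCII-only passwords are assumed.

```python
"""LANMAN password preprocessing (illustrative, added example)."""


def lm_normalise(password: str) -> bytes:
    """Uppercase the password and null-pad it to the 14 bytes LANMAN uses."""
    # Assumption: ASCII only. Real LANMAN uses the system OEM code page.
    raw = password.upper().encode("ascii")
    if len(raw) > 14:
        # Passwords longer than 14 characters have no LANMAN form.
        raise ValueError("password too long for LANMAN (max 14 characters)")
    return raw.ljust(14, b"\x00")


def expand_des_key(half: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes, 7 bits per byte (parity bit left 0)."""
    if len(half) != 7:
        raise ValueError("each LANMAN half is exactly 7 bytes")
    bits = int.from_bytes(half, "big")
    return bytes((((bits >> (49 - 7 * i)) & 0x7F) << 1) for i in range(8))


def lm_des_keys(password: str) -> tuple:
    """Return the two independent DES keys LANMAN derives from a password."""
    padded = lm_normalise(password)
    return expand_des_key(padded[:7]), expand_des_key(padded[7:])


def lm_equivalent(a: str, b: str) -> bool:
    """True when LANMAN cannot tell the two passwords apart."""
    return lm_des_keys(a) == lm_des_keys(b)


if __name__ == "__main__":
    # The two spellings from the thread above.
    for pw in ("WindexKing", "windexking"):
        k1, k2 = lm_des_keys(pw)
        print(f"{pw!r:14} -> {lm_normalise(pw)!r} keys {k1.hex()} {k2.hex()}")
    print("same to LANMAN:", lm_equivalent("WindexKing", "windexking"))
```

Because case is discarded and each 7-character half is keyed independently, the case-sensitive password is only enforced when the server refuses LANMAN responses.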
This archive was generated by hypermail 2b30 : Sat Nov 03 2001 - 15:45:53 PST