i wrote that one for a friend's request. i know changing the source code of smbclient's client.c file. Putting a "while" scans all 256 chars. my friend had problems with a few file and can't compile smb package. So exploit is there, use if you want... nothing to say... --- Dragos Ruiu <drat_private> wrote: > Floating around more than a year ago there was a > small (40-60 line from memory) > patch to samba/smbclient that utilizes the same flaw > to erm... remove the > needless bother of passwords on wintendo shares > nearly instantly, all in > one nice bundle to also access the data you need. > > I'm sorry but some sort of shortcoming in my, oh so > careful, > chronological by depth :-), exploit filing system > precludes my > finding it right now, but you ought to be able to > recreate it > fairly readily without too much work... > > If anyone is _still_ relying on share passwords on > old WIndows versions > for _any_ sort of security, short of keeping very > casual users out until > they spend a few minutes trying, they are making a > mistake. > > This has been around for a while, long enough for me > to lose the sploit > apparently.... so if you still are vulnerable to > this in this day and age on > any data of real significance, your security plan > really needs erm.... forklift > upgrades, imho. > > cheers, > --dr > > P.s. I think nessus has some good code for this too > that can be used as an > example, if you're looking... > > On Sun, 01 Jul 2001, Extirpater wrote: > > > > attachment... > > > > __________________________________________________ > > Do You Yahoo!? > > Get personalized email addresses from Yahoo! Mail > > http://personal.mail.yahoo.com/ > > ---------------------------------------- > Content-Type: application/x-unknown; > name="smbcrack.c" > Content-Transfer-Encoding: base64 > Content-Description: smbcrack.c > ---------------------------------------- > > -- > Dragos Ruiu <drat_private> dursec.com ltd. / > kyx.net - we're from the future > gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
This archive was generated by hypermail 2b30 : Wed Jul 04 2001 - 12:33:16 PDT