Message-ID: <20030419121133.59d47cf2.dave@immunitysec.com>
Date: Sat, 19 Apr 2003 12:11:33 -0400
From: Dave Aitel <dave@...unitysec.com>
To: bugtraq@...urityfocus.com
Subject: Re: Authentication flaw in microsoft SMB protocol


Also found and demonstrated by dildog at defcon 3 years ago. So don't
hold your breath waiting for that patch.

Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/ 

On 19 Apr 2003 13:24:33 -0000
<seclab@...aut.ac.ir> wrote:

> 
> 
> Detailed information:
> http://seclab.ce.aut.ac.ir/vreport.htm
> 
> Summary
> =======
> Microsoft uses SMB Protocol for “File and Printer sharing service” in
> all versions of Windows. Upon accessing a network resource, NTLM 
> Authentication is used to authenticate the client on the server. When
> a logged-in user requests a network share on the server, Windows 
> automatically sends the encrypted hashed password of the logged-in 
> username to the target SMB server before prompting for password.
> Although the hashed password is not sent in plaintext format, and it
> is encrypted by the server challenge, a malicious SMB Server could use
> this information to authenticate on the client machine and in many
> cases, gain full control over the shared objects of the client such as
> C$, etc.
> 
...
> Exploit
> =======
> We will publish the exploit code after a patch is created by the
> software vendor.

