lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 16 Nov 2008 22:08:59 -0500
From: adrian.lamo@...hmail.com
To: yersinia.spiros@...il.com, atarasco@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NTLM Multiprotocol Replay attacks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Andrea Tabasco,

To be fair, the only great thing about the cdc is the appetites of
the members, and the only great tools from the group would be the
members themselves.  Thank you for misunderstanding the word
"great".

best regards,
- -al

ps: yes my name is Adrian Lamo, but not the famous one profiled in
the upcoming kevin spacey documentary, which will undoubtedly be
the greatest tool ever!

On Sun, 16 Nov 2008 08:31:21 -0500 Andres Tarasco
<atarasco@...il.com> wrote:
>Its a completely new tool as it does not share code with the old
>smbrelay
>however, as the main goal is to replay NTLM authentication
>challenges, i
>decided to name it "smbrelay", like the great cdc tool.
>smbrelay3 have been tested against windows 2000/xp/2003 and works
>fine.
>
>Andres
>
>2008/11/16 yersinia <yersinia.spiros@...il.com>
>
>> smbrelay in origin was, some years ago, created by CDC. M$ smb
>signing do
>> it historic. This tool is an evolution of this ?
>>
>> Regards
>>
>> On Fri, Nov 14, 2008 at 9:37 PM, Andres Tarasco
><atarasco@...il.com>wrote:
>>
>>> I have published a new proof of concept tool, named
>"Smbrelay3", that is
>>> able to replay NTLM authentication from several protocols like
>>> SMB/HTTP/IMAP/..
>>> http://www.tarasco.org/security/smbrelay/index.html
>>>
>>>
>>> Andrés Tarascó
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>
>
>--
>Andres Tarasco
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkkg4EsACgkQ8J2EGU1ixm5dLQP/Z20Hjh+alyStBf7M9ak5VKdv/nwC
B0Q9xk33YSC62WZI/s3VWp8T3/Va2tPT0u6ENWWD2ghP0tqUksSNimUZZbn2Eo15N7Do
6uNJkZOgJYY5Dgc1CtfgycIQv6InTYOMq0ivUNV06DxPOLXrjDWEtXDbYWDN2w6R/zK2
H5Gxa20=
=rrXR
-----END PGP SIGNATURE-----

--
Love Graphic Design? Find a school near you. Click Now.
http://tagline.hushmail.com/fc/PnY6qxunKhThzwKUjVxfpkAYNnMCthxRQNxWRpZaB3lBQC3phlmoI/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ