Foofus.Net

Foofus.Net Advanced Security Services Forum

  • Home
  • About
  • Advisories
    • BMC Service Desk Express Advisory
    • IOServer “Root Directory” Trailing Backslash Web Server Vuln
    • Javascript Injection in Microsoft Lync
    • Lexmark Multifunction Printer Information Exposure
    • Micro Technology Services LynxGuide Web Interface Security Issues
    • Multi-Tech Systems MultiModem iSMS Multiple XSS Vulnerabilities
    • Toshiba eStudio Multifunction Printer Information leakage
    • Trustwave WebDefend Static Database Password Vulnerability
    • XSS in Kaseya version 6.2.0.0 web interface
    • Toshiba eStudio Multifunction Printer Authentication Bypass
    • Symantec AMS Intel Alert Handler Design Flaw
  • Hacks
    • Passwords & Hashes
    • LM/NTLM Challenge / Response Authentication
    • Wireless
  • Tools
    • OWA Enumeration Scripts
    • Praeda
    • FgDump & PwDump
    • Medusa

Samba “Improvements” Updated

Posted by admin on September 3, 2009
Posted in: Stuff. Tagged: tools.

I’ve updated my Samba modifications for the 3.3.7 release. The patch adds support to Samba utilities for passing-the-hash. For the uninformed, this allows you to leverage hashes gathered with such excellent tools as FgDump, without needing to ever crack the password. You can simply pass-the-hash and mount remote shares, create new accounts, etc. as the targeted account. Another bit of goodness here are some changes to the nmbd and smbd daemons. With this patch, nmbd will respond to all broadcast requests. Smbd will log any challenge/response handshakes. All sorts of fun can be had with this…  See the following pages for more information:

http://www.foofus.net/jmk/smbchallenge.html/
http://www.foofus.net/jmk/passhash.html

Posts navigation

← Gordo Attacks
Medusa 2.0 Release →
  • Site Content

    • About
    • Advisories
      • BMC Service Desk Express Advisory
      • IOServer “Root Directory” Trailing Backslash Web Server Vuln
      • Javascript Injection in Microsoft Lync
      • Lexmark Multifunction Printer Information Exposure
      • Micro Technology Services LynxGuide Web Interface Security Issues
      • Multi-Tech Systems MultiModem iSMS Multiple XSS Vulnerabilities
      • Symantec AMS Intel Alert Handler Design Flaw
      • Toshiba eStudio Multifunction Printer Authentication Bypass
      • Toshiba eStudio Multifunction Printer Information leakage
      • Trustwave WebDefend Static Database Password Vulnerability
      • XSS in Kaseya version 6.2.0.0 web interface
    • Hacks
      • LM/NTLM Challenge / Response Authentication
      • Passwords & Hashes
      • Wireless
    • Tools
      • FgDump & PwDump
      • Medusa
      • OWA Enumeration Scripts
      • Praeda
  • Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org