[TOOL] SMBProxy

From: support@securiteam.com
Date: 12/17/01 

From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 17 Dec 2001 10:22:27 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  SMBProxy
------------------------------------------------------------------------

DETAILS

Got SAM? Don't want to spend more time cracking it?

SMBProxy is a "Passing the Hash" tool that works as a proxy. It makes it
possible to authenticate against a Windows NT4/2000server by only knowing
the md4 hash. It also makes it possible to mount shares, access the
registry, and anything else you could do with those particular user's
privileges. The theory behind this is old, and well known. The tools for
doing this though, have been quite limited until now.

The tool intercepts communication with Windows NT 4.0 and Windows 2000. It
looks for the username trying to connect and does a lookup in the pwdump
file for the users hash. Currently it only intercepts the NTLM hash.

The SMBProxy is still in early development stages but seems to work well
enough for release.

ADDITIONAL INFORMATION

The tool can be downloaded from:
 <http://www.cqure.net/tools02.html> http://www.cqure.net/tools02.html

The information has been provided by
<mailto:patrik.karlsson@ixsecurity.com> Patrik Karlsson.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [TOOL] Domino Hash Breaker
    ... Domino is a software solution from Lotus providing access to bases Notes ... This hash is the result of an algorithm created by ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NT] Windows XP gethostbyaddr() NULL h_name Pointer
    ... Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. ... It is possible to crash any application on Windows XP whenever ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NT] Buffer Overflow in EF Commander
    ... viewer, FTP-client for the Windows 95/98/Me, Windows NT 4.0, Windows 2000 ... to a buffer overflow in the FTP server's responses handling code. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [TOOL] RPCScan, RPC Endpoint Mapper
    ... Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. ... * Default Windows XP and Windows XP SP1, ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [TOOL] High-speed Brute-force Password Cracker for MySQL
    ... The MySQL password hash function could be strengthened considerably ... int i, len; ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)