win95 share attack ... ;)
Gerald Carter
gcarter at valinux.com
Mon Oct 16 06:19:03 GMT 2000
Richard Sharpe wrote:
>
> >The reason this vulnerability is of concern is that you can do the
> >following:
> >
> >1) use the attack to not just login, but determine
> >the real password (that requires a trivial change to
> >the posted exploit)
>
> Hmmm, but isn't this the share password you have
> determined, if one exists?
Yes, but remember that users have a tendency to use passwords
over and over again.
> >2) once connected you could download the PWL files on the box.
> >
> >3) with those PWL files you can find the passwords
>
> But isn't the user's password different to the
> share password you may have cracked above?
PWL files are trivial to crack. It's a well-known fact.
This of course is another reason to disable password caching
on Windows 9x hosts.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )