win95 share attack ... ;)

Gerald Carter gcarter at
Mon Oct 16 06:19:03 GMT 2000

Richard Sharpe wrote:
> >The reason this vulnerability is of concern is that you can do the
> >following:
> >
> >1) use the attack to not just login, but determine
> >the real password (that requires a trivial change to
> >the posted exploit)
> Hmmm, but isn't this the share password you have
> determined, if one exists?

Yes, but remember that users have a tendency to use passwords
over and over again.

> >2) once connected you could download the PWL files on the box.
> >
> >3) with those PWL files you can find the passwords 
> But isn't the user's password different to the 
> share password you may have cracked above?

PWL files are trivial to crack.  It's a well known fact.
This of course is another reason to disable password caching
on Windows 9x hosts.

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/  VA Linux Systems    gcarter at       SAMBA Team           jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
