win95 share attack ... ;)

Gerald Carter gcarter at valinux.com
Mon Oct 16 06:19:03 GMT 2000


Richard Sharpe wrote:
> 
> >The reason this vulnerability is of concern is that you can do the
> >following:
> >
> >1) use the attack to not just login, but determine the real
> >password (that requires a trivial change to the posted exploit)
> 
> Hmmm, but isn't this the share password you have 
> determined, if one exists?

Yes, but remember that users have a tendency to use passwords
over and over again.

> >2) once connected you could download the PWL files on the box.
> >
> >3) with those PWL files you can find the passwords 
> 
> But isn't the user's password different to the 
> share password you may have cracked above?

PWL files are trivial to crack.  It's a well-known fact.
This of course is another reason to disable password caching
on Windows 9x hosts.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )




