y i turned it off and cant exploit myself i think thats sades story!Originally Posted by Lincoln
The firewall is turned off right?Test machine...allways same problem The connection time has timed out!
I started some hard core reading now if i dont get it ill just destroy my windows with .bat file
y i turned it off and cant exploit myself i think thats sades story!
If you have a fresh copy of XPSp2, not updated and firewall turned off, there should be no problems running MS08-067 exploit on the same local lan.
Thats correct. There will however be a problem in using ms03-026, which is what I was alluding to earlier when I suggested that the OP check the Microsoft Security bulletin for that vulnerability.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
I definitely know that you know what you are doing
I just want to give the OP a definitive end result, plus I am getting tired of decoding his posts.
Its vary simple, the windows box is not vulnerable to this exploit... do some research on the exploit...
below is a registry key for windows vista, when this key is changed as instructed then windows vista will be vulnerable to smb/relay attacks...
i had to do research on the exploit, then research the vulnerability in smb and how the service authenticates NTLM credentials...
after a few hours of research it was clear that microsoft has patched this exploit with a simple registry key that i altered...
lolOk, so i made a change to the registry in windows vista...by default windows vista has set this to 3, just open up regedit to that location and change the value to a 1...Code:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\LMCompatibilityLevel
windows/smb/smb_relay
windows/smb/psexec
both these exploits should now work with no problem, the Correct lan man hash is now going to be authenticated... i have learned alot in the past few days on how smb authentication process works...
For tutorial purposes, i still would like to crack this hash... im running backtrack3 from a usb stick, i only have a few gigs of free space available, im trying to create a small set of rainbow tables for cracking this hash...
any comments or spoon feeding would be a big help with creating these tables...
if you just want to see some exploits work, search online for windows-2000.iso and launch autopwn and massclient attacks agenst that OS...
Some of the time I do. The rest of the time I just fake it very convincingly.
Yes I was trying to clear things up for the OP too. I figured that I may have been too subtle when I said:
I thought it should have been obvious what I was getting at there, but maybe not.
Yes there are some inventive misspellings and grammatical manglings in some of those posts. Its kind of like doing a word puzzle...plus I am getting tired of decoding his posts.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Have you check the application running in windows and have you check the version on windows?
yy i pwnd my virtual XP and I got all that stuff working...now im learning linux basics...y i know it should be other way around but i didnt know that ill go too much into this now im going to install BT on hard drive u know how it goes...thx all for instructions/suggestions
see ya soon
Posting Permissions