Thread: yo metaspoilt problem

#11 | Member | Joined Jan 2010 | Location: The new forums | Posts: 462

    Quote Originally Posted by knileyzma:
        Test machine... always the same problem: The connection has timed out!
        I started some hard-core reading now; if I don't get it I'll just destroy my Windows with a .bat file.
    The firewall is turned off, right?

#12 | Just burned his ISO | Joined Aug 2009 | Posts: 9

    Quote Originally Posted by Lincoln:
        The firewall is turned off, right?
    Yes, I turned it off and can't exploit myself. I think that's a sad story!

#13 | Member | Joined Jan 2010 | Location: The new forums | Posts: 462

    Quote Originally Posted by knileyzma:
        Since I have some stupid service pack I can't use ms08_067_netapi.
    If you have a fresh copy of XP SP2, not updated and with the firewall turned off, there should be no problem running the MS08-067 exploit on the same local LAN.

#14 | lupin | Super Moderator | Joined Jan 2010 | Posts: 2,943

    Quote Originally Posted by Lincoln:
        If you have a fresh copy of XP SP2, not updated and with the firewall turned off, there should be no problem running the MS08-067 exploit on the same local LAN.
    That's correct. There will, however, be a problem in using ms03-026, which is what I was alluding to earlier when I suggested that the OP check the Microsoft Security Bulletin for that vulnerability.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

#15 | Member | Joined Jan 2010 | Location: The new forums | Posts: 462

    Quote Originally Posted by lupin:
        That's correct. There will, however, be a problem in using ms03-026, which is what I was alluding to earlier when I suggested that the OP check the Microsoft Security Bulletin for that vulnerability.
    I definitely know that you know what you are doing.

    I just want to give the OP a definitive end result; plus I am getting tired of decoding his posts.

#16 | BigMac | Senior Member | Joined Jan 2008 | Posts: 213

    It's very simple: the Windows box is not vulnerable to this exploit... do some research on the exploit...

    Below is a registry key for Windows Vista; when this key is changed as instructed, Windows Vista will be vulnerable to SMB relay attacks...

    I had to do research on the exploit, then research the vulnerability in SMB and how the service authenticates NTLM credentials...

    After a few hours of research it was clear that Microsoft has patched this exploit with a simple registry key that I altered...

    Quote Originally Posted by BigMac:
        OK, so I made a change to the registry in Windows Vista...
        Code:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel
        By default Windows Vista has this set to 3; just open up regedit to that location and change the value to 1...

        windows/smb/smb_relay
        windows/smb/psexec

        Both these exploits should now work with no problem; the correct LAN Manager hash is now going to be authenticated... I have learned a lot in the past few days about how the SMB authentication process works...

        For tutorial purposes, I still would like to crack this hash... I'm running BackTrack 3 from a USB stick; I only have a few gigs of free space available, and I'm trying to create a small set of rainbow tables for cracking this hash...

        Any comments or spoon-feeding would be a big help with creating these tables...
    lol, check out my video with this exploit in action...

    If you just want to see some exploits work, search online for windows-2000.iso and launch autopwn and massclient attacks against that OS...
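A defender-side audit of the setting BigMac lowers, added here as an example that is not part of the thread or of any project discussed in it: it reads LmCompatibilityLevel and the SMB signing settings (the standard mitigation for SMB relay) and reports whether the host still sends or accepts LM/NTLMv1 responses. The function names and the $levelMeaning table are the example's own; the registry paths and the level semantics are the documented Windows ones.

```powershell
# Added example, not from the thread: audit the LAN Manager authentication level
# (the LmCompatibilityLevel value BigMac changes) and the SMB signing settings,
# and report whether the host would send or accept LM/NTLMv1 responses.
# Assumes Windows PowerShell 5.1 or later; run elevated so every key is readable.

$lsaPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$serverPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

# Documented meaning of each LmCompatibilityLevel value (0-5).
$levelMeaning = @{
    0 = 'Send LM and NTLM responses'
    1 = 'Send LM and NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 only; domain controllers refuse LM'
    5 = 'Send NTLMv2 only; domain controllers refuse LM and NTLM'
}

function Get-RegistryDword {
    # Returns the DWORD stored at $Path\$Name, or $null when the value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-LmCompatibilityLevel {
    # Below 3 the host still sends LM/NTLMv1 responses, which is what makes the
    # relay and offline cracking described in the thread possible.
    param($Level)
    if ($null -eq $Level) {
        return 'LmCompatibilityLevel not set: the OS default applies (3 on Vista and later); set it explicitly.'
    }
    if ($Level -lt 3) {
        return ('WEAK: LmCompatibilityLevel={0} ({1}). Raise to 3 or higher; 5 is the hardened target.' -f $Level, $levelMeaning[$Level])
    }
    return ('OK: LmCompatibilityLevel={0} ({1}).' -f $Level, $levelMeaning[$Level])
}

function Test-SmbSigning {
    # Requiring SMB signing on both sides defeats relay: a relayed session cannot
    # be signed without the session key only the real client holds.
    param($ServerRequired, $ClientRequired)
    $findings = @()
    if ($ServerRequired -ne 1) { $findings += 'server does not require SMB signing' }
    if ($ClientRequired -ne 1) { $findings += 'client does not require SMB signing' }
    if ($findings.Count -eq 0) { return 'OK: SMB signing required on server and client.' }
    return 'WEAK: ' + ($findings -join '; ') + '.'
}

$level  = Get-RegistryDword -Path $lsaPath    -Name 'LmCompatibilityLevel'
$server = Get-RegistryDword -Path $serverPath -Name 'RequireSecuritySignature'
$client = Get-RegistryDword -Path $clientPath -Name 'RequireSecuritySignature'

Write-Output (Test-LmCompatibilityLevel -Level $level)
Write-Output (Test-SmbSigning -ServerRequired $server -ClientRequired $client)

# Remediation, run elevated. In a domain, prefer the Group Policy settings
# "Network security: LAN Manager authentication level" and
# "Microsoft network server: Digitally sign communications (always)" so the
# values are enforced and audited rather than set by hand:
# Set-ItemProperty -Path $lsaPath    -Name 'LmCompatibilityLevel'     -Value 5 -Type DWord
# Set-ItemProperty -Path $serverPath -Name 'RequireSecuritySignature' -Value 1 -Type DWord
# Set-ItemProperty -Path $clientPath -Name 'RequireSecuritySignature' -Value 1 -Type DWord
```

Save it under a name of your choosing (Check-LmAuth.ps1 is a hypothetical one) and run it on the test VM after applying the registry change BigMac describes; the first line of output should flip from OK to WEAK, which is the signal a baseline-compliance scan would raise on a production host.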

#17 | lupin | Super Moderator | Joined Jan 2010 | Posts: 2,943

    Quote Originally Posted by Lincoln:
        I definitely know that you know what you are doing.
    Some of the time I do. The rest of the time I just fake it very convincingly.

    Quote Originally Posted by Lincoln:
        I just want to give the OP a definitive end result.
    Yes, I was trying to clear things up for the OP too. I figured that I may have been too subtle when I said:

    Quote Originally Posted by lupin:
        Did you check the Microsoft security bulletin for ms03-026?
    I thought it should have been obvious what I was getting at there, but maybe not.

    Quote Originally Posted by Lincoln:
        plus I am getting tired of decoding his posts.
    Yes, there are some inventive misspellings and grammatical manglings in some of those posts. It's kind of like doing a word puzzle...

#18 | marshmallow | Just burned his ISO | Joined Aug 2009 | Posts: 10

    Have you checked the application running in Windows, and have you checked the version of Windows?

#19 | Just burned his ISO | Joined Aug 2009 | Posts: 9

    Quote Originally Posted by marshmallow:
        Have you checked the application running in Windows, and have you checked the version of Windows?
    Yes, I pwned my virtual XP and I got all that stuff working... now I'm learning Linux basics... yes, I know it should be the other way around, but I didn't know that I'd go this far into this. Now I'm going to install BT on the hard drive, you know how it goes... thanks all for the instructions/suggestions.
    See ya soon.
