Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Extirpater (extirpateryahoo.com)
Date: Wed Jul 04 2001 - 03:52:51 CDT
i wrote that one for a friend's request. i know
changing the source code of smbclient's client.c file.
Putting a "while" scans all 256 chars.
my friend had problems with a few file and can't
compile smb package.
So exploit is there, use if you want... nothing to
--- Dragos Ruiu <drkyx.net> wrote:
> Floating around more than a year ago there was a
> small (40-60 line from memory)
> patch to samba/smbclient that utilizes the same
> to erm... remove the
> needless bother of passwords on wintendo shares
> nearly instantly, all in
> one nice bundle to also access the data you need.
> I'm sorry but some sort of shortcoming in my, oh
> chronological by depth :-), exploit filing system
> precludes my
> finding it right now, but you ought to be able to
> recreate it
> fairly readily without too much work...
> If anyone is _still_ relying on share passwords on
> old WIndows versions
> for _any_ sort of security, short of keeping very
> casual users out until
> they spend a few minutes trying, they are making a
> This has been around for a while, long enough for
> to lose the sploit
> apparently.... so if you still are vulnerable to
> this in this day and age on
> any data of real significance, your security plan
> really needs erm.... forklift
> upgrades, imho.
> P.s. I think nessus has some good code for this
> that can be used as an
> example, if you're looking...
> On Sun, 01 Jul 2001, Extirpater wrote:
> > attachment...
> > Do You Yahoo!?
> > Get personalized email addresses from Yahoo!
> > http://personal.mail.yahoo.com/
> Content-Type: application/x-unknown;
> Content-Transfer-Encoding: base64
> Content-Description: smbcrack.c
> Dragos Ruiu <drdursec.com> dursec.com ltd. /
> kyx.net - we're from the future
> gpg/pgp key on file at wwwkeys.pgp.net or at
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail