mailing list archives
From: pusscat at metasploit.com (Pusscat)
Date: Wed, 28 Feb 2007 09:51:55 -0500
HD's right on this one I think - I'll go and change the notes to specify
which OS's require auth and which don't. If I recall correctly, 2ksp4 and
xpsp0/1 do not require auth, while xpsp2 does.
I'm pretty sure there's a common configuration where xpsp2 does not require
auth either... maybe anonymous file sharing enabled.
It's been awhile on this bug. Like... 2 years. ;)
From: H D Moore [mailto:hdm at metasploit.com]
Sent: Wednesday, February 28, 2007 4:04 AM
To: framework at metasploit.com
Subject: Re: [framework] ms04_031_netdde
This depends on the configuration of the server -- IIRC, Windows XP SP0 is
vulnerable without a username/password combination, but only if Simple
File Sharing is activated. Pusscat wrote this exploit, so you might want
to ask her what the requirements are.
On Tuesday 27 February 2007 22:48, Alexander Sotirov wrote:
This seems to imply that no authentication is necessary, but the
exploit doesn't work with an anonymous connection. When I run
ms04_031_netdde I get: