Home page logo

metasploit logo Metasploit mailing list archives

From: pusscat at metasploit.com (Pusscat)
Date: Wed, 28 Feb 2007 09:51:55 -0500

HD's right on this one I think - I'll go and change the notes to specify
which OS's require auth and which don't. If I recall correctly, 2ksp4 and
xpsp0/1 do not require auth, while xpsp2 does. 

I'm pretty sure there's a common configuration where xpsp2 does not require
auth either... maybe anonymous file sharing enabled.

It's been awhile on this bug. Like... 2 years. ;)

~ Puss

-----Original Message-----
From: H D Moore [mailto:hdm at metasploit.com] 
Sent: Wednesday, February 28, 2007 4:04 AM
To: framework at metasploit.com
Subject: Re: [framework] ms04_031_netdde

This depends on the configuration of the server -- IIRC, Windows XP SP0 is 
vulnerable without a username/password combination, but only if Simple 
File Sharing is activated. Pusscat wrote this exploit, so you might want 
to ask her what the requirements are.


On Tuesday 27 February 2007 22:48, Alexander Sotirov wrote:
This seems to imply that no authentication is necessary, but the
exploit doesn't work with an anonymous connection. When I run
ms04_031_netdde I get:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]