Ahh, that is correct: capitals do count when using the command line net use, although authenticating with the Network browser does not. Also, one thing I've encountered a lot is that after you authenticate to one host and then attempt to authenticate to another, you get "conflicting credentials." To fix this (without rebooting) in 2k, just go to Administrative Tools -> Services -> Workstation and restart the service. This will kill computer browser as well. But hey, it's better than rebooting. Just thought I'd share.
blue
Be careful: after I did this a couple of times rather quickly, it completely bombed my computer browser service and I couldn't get it back up without a reboot. But if you take your time it works quite well.
On Thu, 01 Nov 2001 13:36:15 -0500 Windex King <WindexKing_at_mor-lan-d.com> wrote:
>Ian,
>
>I have tested a hunch I had about this and I
>believe this is the answer you're looking for.
>
>Attacking machine: NT 4.0 SP6a
>Attacked machine: W2K no SP
>
>First I confirmed the administrator password
>on the to be attacked machine.
>
>C:\>net user administrator "WindexKing"
>The command completed successfully.
>
>** Note: pwd contains capital letters W and K **
>
>Then I attacked using NAT.exe
>
>C:\>nat -o WindexKing.log -u administrator.txt -p WindexKing.pwd 192.168.68.33
>[*]--- Reading usernames from administrator.txt
>[*]--- Reading passwords from WindexKing.pwd
>
>[*]--- Checking host: 192.168.68.33
>[*]--- Obtaining list of remote NetBIOS names
>
>[*]--- Attempting to connect with name: *
>[*]--- Unable to connect
>
>[*]--- Attempting to connect with name: *SMBSERVER
>[*]--- CONNECTED with name: *SMBSERVER
>[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
>[*]--- Server time is Thu Nov 01 07:49:30 2001
>[*]--- Timezone is UTC-5.0
>[*]--- Remote server wants us to encrypt, telling it not to
>
>[*]--- Attempting to connect with name: *SMBSERVER
>[*]--- CONNECTED with name: *SMBSERVER
>[*]--- Attempting to establish session
>[*]--- Was not able to establish session with no password
>[*]--- Attempting to connect with Username: `AdminIstrator' Password: `foo'
>[*]--- Attempting to connect with Username: `AdminIstrator' Password: `bar'
>[*]--- Attempting to connect with Username: `AdminIstrator' Password: `windexking'
>[*]--- CONNECTED: Username: `AdminIstrator' Password: `windexking'
>
>Now I tried to use the password found by NAT.exe via net.exe
>
>c:\>net use * \\192.168.68.33\c$ "windexking" /u:administrator
>System error 1326 has occurred.
>
>Logon failure: unknown user name or bad password.
>
>
>c:\>net use * \\192.168.68.33\c$ "WindexKing" /u:administrator
>Drive E: is now connected to \\192.168.68.33\c$.
>
>The command completed successfully.
>
>
>My conclusion:
>
>NAT.exe is forcing LANMAN only authentication and therefore the
>letters taken from the supplied wordlist are converted to uppercase
>as LANMAN expects.
>
>NAT.exe doesn't tell you that (other than the "Attempting to connect
>with protocol: MICROSOFT NETWORKS 1.03" line) and simply reports the
>word from the wordlist which worked as it is presented in the wordlist.
>
>You can find a Cygwin compiled version of the SAMBA SMBclient at:
>http://www.hoobie.net/tools/index.html
>
>W K
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>
Received on Nov 03 2001
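
Added example, not part of the thread: a model of the LAN Manager password preprocessing that the quoted conclusion refers to, showing that both spellings of the test password collapse to the same key material under LANMAN while the NT hash input keeps the case. It assumes the standard LM steps (uppercase, OEM code page, 14-byte pad, two 7-byte halves expanded to DES keys); the final DES encryption is left out because Python's standard library has no DES, and case is already lost before that step. Function names are hypothetical.

```python
"""Model of LAN Manager password preprocessing (constructed example)."""


def lm_prepare(password: str) -> bytes:
    # LANMAN uppercases the password, encodes it in the OEM code page,
    # then truncates or NUL-pads it to exactly 14 bytes.
    return password.upper().encode("cp437")[:14].ljust(14, b"\x00")


def expand_des_key(seven: bytes) -> bytes:
    # Spread 56 key bits over 8 bytes: 7 key bits in the high bits of
    # each byte, with the low bit set so every byte has odd parity.
    n = int.from_bytes(seven, "big")
    out = bytearray()
    for i in range(8):
        b = ((n >> (49 - 7 * i)) & 0x7F) << 1
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def lm_des_keys(password: str):
    # The two DES keys the LM hash is built from (one per 7-byte half).
    buf = lm_prepare(password)
    return expand_des_key(buf[:7]), expand_des_key(buf[7:])


def nt_hash_input(password: str) -> bytes:
    # The NT hash is computed over the UTF-16LE password as typed,
    # so upper and lower case remain distinct.
    return password.encode("utf-16-le")


def compare(a: str, b: str) -> dict:
    # Do two candidate passwords look identical to each scheme?
    return {
        "lm_same": lm_des_keys(a) == lm_des_keys(b),
        "nt_same": nt_hash_input(a) == nt_hash_input(b),
    }


if __name__ == "__main__":
    # Sample values taken from the quoted session above.
    print(lm_prepare("WindexKing"))
    print(compare("windexking", "WindexKing"))
```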