
Metasploit mailing list archives
MS08-067 Authentication against NTLMv2
From: ron at skullsecurity.net (Ron)
Date: Mon, 10 Nov 2008 10:18:55 -0600
Juan Miguel Paredes wrote:
> Sorry, just a quick update. It turns out it was NOT the NTLMv2, it was
> the following settings (set by GPO or baseline):
>
> Disabled Computer Browser Service
>
> In gpedit.msc:
> Computer Config/Windows Settings/Security Settings/Local Policies/Security Options
> Setting: Network Access: Named Pipes that can be accessed anonymously (remove "browser")
>
> Thanks and sorry for the confusion.

There are two ways to test this, either through "BROWSER" or "SRVSVC". Metasploit uses "BROWSER" by default (and, in my testing, it works on more systems by default), but you can change it with the SMBPIPE variable ("set SMBPIPE SRVSVC").

If you get the same problem for both BROWSER and SRVSVC, then you're probably out of luck testing this anonymously.

Ron

--
Ron Bowes
http://www.skullsecurity.org/
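
The hardening described in this thread can be audited on a host with the following PowerShell, which is an added example and not part of the original messages. It assumes the policy is backed by the standard `NullSessionPipes` and `RestrictNullSessAccess` values under the `LanmanServer\Parameters` key; the function name `Test-AnonymousPipeExposure` is hypothetical.

```powershell
# Added audit example (not from the thread). Reports whether this host still
# allows anonymous (null session) SMB access to the two pipes named above.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$pipes = 'browser', 'srvsvc'

function Test-AnonymousPipeExposure {
    param(
        [string[]]$NullSessionPipes,  # contents of the NullSessionPipes value
        [string[]]$Pipes,             # pipe names to look for
        [bool]$Restricted = $true     # RestrictNullSessAccess = 1
    )
    foreach ($p in $Pipes) {
        [pscustomobject]@{
            Pipe   = $p.ToUpper()
            # -contains is case-insensitive, matching how pipe names are compared.
            Listed = ($NullSessionPipes -contains $p)
            # With the restriction off, the list no longer limits anonymous
            # access, so every pipe has to be treated as exposed.
            AnonymousAccessAllowed = ((-not $Restricted) -or
                                      ($NullSessionPipes -contains $p))
        }
    }
}

# Policy: "Network access: Named Pipes that can be accessed anonymously".
$params     = Get-ItemProperty -Path $key -ErrorAction Stop
$nullPipes  = @($params.NullSessionPipes | Where-Object { $_ })
# Policy: "Network access: Restrict anonymous access to Named Pipes and Shares".
# A missing value is treated here as the restricted default.
$restricted = ($null -eq $params.RestrictNullSessAccess) -or
              ($params.RestrictNullSessAccess -ne 0)

# The Computer Browser service is absent on some Windows versions.
$browser = Get-Service -Name Browser -ErrorAction SilentlyContinue
$state   = if ($browser) { [string]$browser.Status } else { 'not installed' }

"Computer Browser service : $state"
"RestrictNullSessAccess   : $restricted"
Test-AnonymousPipeExposure -NullSessionPipes $nullPipes -Pipes $pipes `
    -Restricted $restricted | Format-Table -AutoSize
```

A host configured as Juan describes should show the Computer Browser service stopped or absent and `AnonymousAccessAllowed` as `False` for BROWSER.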