[foofus-tools] All in one (pwdump6, fgdump, medusa).

Ron ron at skullsecurity.net
Mon Mar 23 16:45:43 PDT 2009


Richard Miles wrote:
> Hi Ron,
> 
> Thanks for the reply.
> 
>> Besides what jmk said, also note that Vista and above (2008, 7, etc) disable
>> Lanman by default, you'll only get NTLM.
> 
> Really bad.
Yeah :-/

> 
>> You can use the PTH program "iam.exe", the Samba patch works, Metasploit's
>> windows/smb/psexec payload, or my Nmap scripts (in Nmap 4.85beta3 and
>> higher), depending on what you're trying to do.
> 
> I'm unable to use "iam.exe"; it is automatically deleted from the system
> when I copy it. I think it's the Norton AV. If I stop all services
> with the name symantec and copy a version packed with upx, it is not
> deleted, but when I try to execute it, it returns "access denied".
> 
> This AV appears to be hard to fight. Any clue?
That definitely sounds like AV causing issues. Try packing/encrypting
the exe -- upx seems to work well. You can also re-compile it if you
have the ability -- generally that'll fix everything. If the AV is
looking at behaviour-based stuff, you're probably outta luck.
> 
> My goal is to get a shell on the system. The problem is that the box I'm
> using to launch attacks is a very old Linux, all old libs, etc. Most
> apps do not compile or work.
> 
> Does this psexec from Metasploit run with pass the hash? Does it run
> in Metasploit version 2? If yes, can you give me a link?
psexec does pass the hash, although I'm not sure how it deals with only
having a single hash. I suspect you can do it, though, just by zeroing
out the LM hash.

I believe that psexec is only in 3.0 and higher, so you're outta luck if
you don't have Ruby.

> 
> And what about your nmap script?
My Nmap scripts can also pass the hash, but they only exist in 4.85beta3
and higher. The best bet is probably to compile it statically
(./configure && make static) and scp it to your old box. Not positive
that'll work, but it's worth a shot.

If you're having issues with Nmap not compiling on older systems, the
folks at Nmap-dev should be able to help you out.

> 
>> Hope that helps!
>> Ron
> 
> Thanks


Ron

-- 
Ron Bowes
http://www.skullsecurity.org/


