List:       sectools
Subject:    SMBRelay
From:       Elias Levy <aleph1 () SECURITYFOCUS ! COM>
Date:       2001-04-19 15:49:20

http://pr0n.newhackcity.net/~sd/smbrelay.html

Smbrelay is a program that receives a connection on port 139, connects back to
the connecting computer's port 139, and relays the packets between the client
and server of the connecting Windows machine, making modifications to these
packets when necessary.

After connecting and authenticating it disconnects the target's client and
binds to port 139 on a new IP address. This IP address (the relay address) can
then be connected to directly from Windows using
    "net use \\192.1.1.1"
and then used by all of the networking built into Windows. It relays all the
SMB traffic, except for the negotiation and authentication. You can disconnect
from and reconnect to this virtual IP as long as the target host stays
connected.

SMBRelay is multi-threaded and handles multiple connections simultaneously. It
will create new IP addresses sequentially, removing them when the target host
disconnects. It will not allow the same IP address to connect twice, unless a
successful connection to that target was achieved and disconnected. If this
happens, it may use the same relay address again for another connection.

SMBRelay collects the NTLM password hashes transmitted and writes them to
hashes.txt in a format usable by L0phtcrack so the passwords can be cracked
later.


--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
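
Added example, not part of the original message or of SMBRelay: a detection sketch for the connect-back behaviour described above, where a host that receives a connection on port 139 immediately connects to the connecting computer's port 139. The flow-record format, the sample addresses and the 5-second window are assumptions made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport")

# Constructed sample flow records: epoch seconds, source, destination, dest port.
SAMPLE_FLOWS = """\
1000.0 10.0.0.5 10.0.0.9 139
1000.4 10.0.0.9 10.0.0.5 139
1010.0 10.0.0.7 10.0.0.20 139
1200.0 10.0.0.20 10.0.0.7 139
1300.0 10.0.0.8 10.0.0.9 445
1300.2 10.0.0.9 10.0.0.8 139
"""

SMB_PORT = 139         # the port named in the message
WINDOW_SECONDS = 5.0   # assumed correlation window; tune per environment


def parse_flows(text):
    """Parse 'ts src dst dport' lines, skipping blank or malformed rows."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append(Flow(float(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return sorted(flows)  # time order, since ts is the first field


def find_connect_backs(flows, port=SMB_PORT, window=WINDOW_SECONDS):
    """Return (listener, client, delay) for each host that accepted a
    connection on `port` and connected back to that client's `port`
    within `window` seconds."""
    hits = []
    inbound = {}  # (listener, client) -> time of latest inbound connection
    for f in flows:
        if f.dport != port:
            continue
        earlier = inbound.get((f.src, f.dst))
        if earlier is not None and f.ts - earlier <= window:
            hits.append((f.src, f.dst, round(f.ts - earlier, 3)))
            continue  # the connect-back is not itself a new inbound event
        inbound[(f.dst, f.src)] = f.ts
    return hits
```

Windows hosts that share files with each other can produce the same pattern legitimately, so a hit is a lead to correlate with authentication logs rather than a verdict.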
