Metasploit mailing list archives
ntlm over http
From: hdm at metasploit.com (H D Moore)
Date: Mon, 1 Oct 2007 11:29:39 -0500
Yup. Windows XP SP2 prevents re-binds over 139/445 by using the exclusive option for the socket. Using HTTP/NTLM should resolve this.

On Monday 01 October 2007 10:38, natronicus wrote:
When you switch to port 80, you don't have to listen on 139 anymore. I need to verify what the src port is when Metasploit does its connections to the remote computer (some SMB clients use 139 as the src port), but that can be changed to a random high port and it works just as well.