Metasploit mailing list archives

MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash


From: hdm at metasploit.com (H D Moore)
Date: Tue, 24 Mar 2009 19:15:14 -0500

On Tue, 2009-03-24 at 20:09 -0400, Developer Developer wrote:
I am using MSF 3.3 Beta as a part of BackTrack release on Ubuntu. When
I use browser_autopwn against Vista SP1 or XP SP3, the exploit always
fails to authenticate. As a result I never get a single session. Here
are the extracts from the exploits.

Any idea how I can make the exploit successfully use NTLM hashes and
establish a session? My passwords are less than 5 characters on both
machines:

Could be a few things:

1. The machines have MS08-068 applied, which prevents a direct
authentication reflection. See:
http://blog.metasploit.com/2008/11/ms08-067-metasploit-and-smb-relay.html

2. Both machines are not configured to allow local user logins over the
network. This is the default when the machines are not joined to a
domain. We detect this situation with XP SP2, but that method may not
work for SP3. If the machines are joined to a domain this should not be
an issue.

3. Both machines may be configured to require signing, which the SMB
library in Metasploit still does not support. Patches welcome, but it's
hairy, which is why it's not done already :)
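
Added example, not part of the original post and not Metasploit code: a way to audit the signing condition in item 3 is to read the SecurityMode byte a host returns in its SMB1 Negotiate Protocol Response. The function names and the sample packets are constructed for illustration, and the parser assumes the NT LM 0.12 dialect layout (32-byte header, WordCount 17).

```ruby
# Added example: classify a host's SMB1 signing posture from its
# Negotiate Protocol Response. Names below are hypothetical helpers.
SMB1_MAGIC    = "\xFFSMB".b
CMD_NEGOTIATE = 0x72
HEADER_LEN    = 32 # fixed SMB1 header size

# SecurityMode bit meanings in the NT LM 0.12 negotiate response.
SECURITY_MODE_BITS = {
  user_level_security: 0x01,
  challenge_response:  0x02,
  signing_enabled:     0x04,
  signing_required:    0x08
}.freeze

# Returns { flag => true/false }. Raises ArgumentError when the input is
# not an SMB1 NT LM 0.12 negotiate response.
def smb1_security_mode(packet)
  data = packet.b
  raise ArgumentError, "truncated SMB1 message" if data.bytesize < HEADER_LEN + 4
  raise ArgumentError, "not an SMB1 message" unless data[0, 4] == SMB1_MAGIC
  raise ArgumentError, "not a negotiate message" unless data.getbyte(4) == CMD_NEGOTIATE
  word_count = data.getbyte(HEADER_LEN)
  raise ArgumentError, "unexpected word count #{word_count}" unless word_count == 17
  # Layout after the header: WordCount(1), DialectIndex(2), SecurityMode(1)
  mode = data.getbyte(HEADER_LEN + 3)
  SECURITY_MODE_BITS.transform_values { |bit| (mode & bit) != 0 }
end

# Collapses the flags into the one answer an auditor needs.
def signing_posture(packet)
  flags = smb1_security_mode(packet)
  return :signing_required if flags[:signing_required]
  return :signing_optional if flags[:signing_enabled]
  :signing_disabled
end

# Constructed sample: a minimal response carrying the given SecurityMode.
def sample_negotiate_response(security_mode)
  header = SMB1_MAGIC + [CMD_NEGOTIATE].pack("C") + ("\x00".b * 27)
  header + [17, 0, security_mode].pack("CvC") + ("\x00".b * 31)
end
```

A host that reports `:signing_required` matches the configuration described in item 3; `:signing_optional` or `:signing_disabled` means signing is not being enforced on that host.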




