Everhart,Glenn
From:	Kurt Buff [kurtb@pointshare.com]
Sent:	Wednesday, April 15, 1998 2:43 PM
To:	'Mark de Moor'; ntsecurity@iss.net
Subject:	RE: [NTSEC] Strange things with NAT (Netbios auditing tool..)

TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

looks to me like the password is a space character, when what you want is no
characters at all, AKA a null password. Try that and see what happens.

-----Original Message-----
From: owner-ntsecurity@iss.net [mailto:owner-ntsecurity@iss.net]On
Behalf Of Mark de Moor
Sent: Wednesday, April 12, 2000 2:20 PM
To: ntsecurity@iss.net
Subject: [NTSEC] Strange things with NAT (Netbios auditing tool..)



TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

Hi..

I did some experiments with NAT on my NT server.
The program checks valid accounts by 'brute-forcing' name and password..

On my machine i have a guest account with no password.
(no, this is not a live server :-)

My userlist file contains: guest
		            test
                                    " "

My password file contains: guest
			    test
                                        " "

Can somebody explain this:


[*]--- Attempting to connect with Username: 'guest' Password: ' guest '
[*]--- Attempting to connect with Username: 'guest' Password: ' test '
[*]--- Attempting to connect with Username: 'guest' Password: ' " "'
[*]--- Attempting to connect with Username: 'test' Password: ' guest '
[*]--- Attempting to connect with Username: 'test' Password: ' test '
[*]--- Attempting to connect with Username: 'test' Password: ' " "'
[*]--- Attempting to connect with Username: '" "' Password: 'guest'
[*]--- Attempting to connect with Username: '" "' Password: ' test '
[*]--- Attempting to connect with Username: '" "' Password: ' " "'
[*]--- CONNECTED: Username: ' " " ' Password: ' " " '

And from here on in retrieves server info. (server names, shared resources
etc)

I cannot allways reproduce this.

I tried the " " because i thought that meant 'blank password'.
Doesnt seem to be because it doesnt crack my guest account (wich has a
blank password)

Thanks,
Mark