Comments on Carnal0wnage Blog: More On Leveraging Client-Side Exploits In Your Pentests--smb relay
Feed updated: 2024-01-24T04:15:08.086-05:00

CG (2008-08-21T13:52:00.000-04:00):
Any more info on what happened? It still timed out?

I didn't try yet, but I can try to check it out this weekend.

Anonymous (2008-08-09T03:10:00.000-04:00):
I tried the migrate script trick but wasn't able to make it work. Did anyone have more success?

CG (2008-07-30T15:15:00.000-04:00):
I guess what I meant was... isn't that patched yet?

What are you doing? Advertising your box as WPAD on the internal network?

Anonymous (2008-07-28T09:24:00.000-04:00):
Sometimes. I figure it's an easy finding and sure-fire way to get some credentials. Social engineering wasn't in-scope for the engagement, so it made sense.

CG (2008-07-27T13:07:00.000-04:00):
Does that WPAD stuff still work?

Anonymous (2008-07-27T11:54:00.000-04:00):
Great story. I used the same thing in a pentest a couple weeks back, except used WPAD to direct users to a web server on my laptop.