EH-Net
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / OS / Re: Redirecting traffic on: January 26, 2012, 12:37:52 AM
Dear Sir,

Port redirection is for the MITM machine. What I am thinking is, the machine in between should redirect the traffic to another malicious machine. The link you forwarded will redirect from the destination, not from the MITM machine. Kindly correct me if I am wrong.

And yes, this is for my lab setup.
2  Ethical Hacking Discussions and Related Certifications / OS / Re: Redirecting traffic on: January 25, 2012, 01:10:49 AM
Dear Sir,

Sorry, I think I wasn't able to explain properly. I don't have any Win98 in my environment. See my assumptions (based on my research):

1) Windows 2003 Server and Windows XP are genuine machines that need to perform authentication (most likely NTLM).
2) I introduce Windows 98 in between as MITM.
3) Now when Win2003 needs to perform authentication with Windows XP like this
\\<windows-xp-ip>
I want to redirect traffic to Windows 98 so that authentication is now forced to LM, so that I can sniff the passwords.

I hope it's clear; kindly suggest now.
3  Ethical Hacking Discussions and Related Certifications / OS / Redirecting traffic on: January 24, 2012, 02:19:17 AM
Hi all.

I have read that Windows 2003 Server supports LM authentication for backward compatibility with older Windows machines. In my lab setup, I have Windows 2003 Server, BackTrack R4, Windows 98 and Windows XP. Now the communication is genuine between 2003 Server and Windows XP, but I need to redirect 2003 authentication to Windows 98 so that passwords are sent in LM hashes rather than NTLM. This is hypothetical at this point. Before actually doing this setup, I just need to know: am I thinking in the right direction? Can I sniff LM hashes this way?
4  Ethical Hacking Discussions and Related Certifications / Security / Re: Which pc firewall or hips to use on: January 18, 2012, 12:03:12 PM
Dear Sir,

Thanks for both wonderful replies. I really can't thank you enough, since hearing from experts and their opinions is always worthwhile.

There are 2 things I want to ask, one of them being OT.

1) Sir, I was thinking that if we can tune our HIPS properly (I know, time consuming) then it can turn a vulnerable server into an impenetrable machine. Is this practically possible?

2) The second may seem OT but it's basically related to the above. If proper measures are taken, can we say practically the desktop machine is now secure? Or will the chance that it can be hacked always be there?
5  Ethical Hacking Discussions and Related Certifications / Security / Which pc firewall or hips to use on: January 18, 2012, 09:36:07 AM
Hi all,

I just need your opinion about HIPS and PC firewalls. We have some servers (Windows 2003 and 2008) that we need to further protect with either or both of the above-mentioned systems. This is just a recommendation from our IS dept., and we need to give them a reliable demo to see if this actually works. Basically the point is, our servers may (and in most cases will) run vulnerable services, but we need to place some sort of PC-based security solution that can stop malicious attempts. I know the requirement is a bit vague, but when I searched the internet, there were few PC-based firewalls but I found very little information on any famous HIPS. But since we need to monitor application behaviour (like HTTP, SQL etc.), we need some sort of application-level monitoring for malicious packets, and, the biggest requirement of all, we need to customize or even create our own rules/signatures to prevent attacks.

Now I know of Snort; sorry for my 2 stupid questions:
1) Can it prevent attacks also?
2) Can it be used ideally as a HIPS?

Does anyone have any suggestions for any powerful host-based security solutions, almost impenetrable :-)
6  EH-Net / Ethical Hacktivism / Re: Is windows xp sp4 still risky ? on: October 03, 2011, 12:05:04 AM
I am very sorry. It wasn't a typo, but I remembered SP3 as SP4, my bad. Sorry for my stupid mistake.

Basically what I wanted to ask is, with the firewall enabled and all the updates released so far for XP, is the pass-the-hash attack still successful? At my home PC, I tried using VMs but it didn't work. So is my PC secure OS-wise in terms of the pass-the-hash attack? Has anyone tried with all the patches installed?

I am asking this to make sure I didn't make any mistake while doing the attack. I need your confirmation on this.

My apologies again for the SP4 confusion.
7  EH-Net / Ethical Hacktivism / Re: Is windows xp sp4 still risky ? on: October 02, 2011, 11:09:28 AM
Yes, that could be one way of doing it. But I just wanted to know about the OS itself: is it currently unexploitable?
8  EH-Net / Ethical Hacktivism / Is windows xp sp4 still risky ? on: October 02, 2011, 09:32:23 AM
Hi all.

I have done some research on my own but wasn't successful. I am just getting started with security stuff in terms of system hacking. I am a network engineer (Cisco based) and have a good knowledge of networks and related protocols.

What currently interests me is whether Windows XP (with SP4 and other patches up to date) is still exploitable. Can we still use the pass-the-hash attack to exploit the machine?

I know I should have tried it first, but I just wanted to get some feedback from you guys :-)

If I asked something stupid then please pardon me and correct me.
9  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Fuzzing GUI based applications ! on: July 01, 2011, 04:13:21 AM
Hi all.

This is my first post and I will try my best not to ask anything unethical. Since I am new to the exploit discovery process, I may need some guidance. I want to ask this: in our environment, we use DameWare Mini Remote Control to take remote sessions of PCs (mostly Windows XP). I was thinking about how to fuzz a GUI-based application. When I need to take a session, I simply open Mini Remote Control, enter the IP and username/password of the remote PC's client, and there I go.

What I basically want to ask is: is it possible to fuzz GUI-based applications, those that don't take input directly from the CLI?
© 2013 The Ethical Hacker Network