Saturday, November 15, 2008

Squirtle and MS08-068

HD Moore already did some great analysis on how the MS08-068 patch affected the SMB Relay attacks within Metasploit. The answer?

You can't attack the source workstation/server if MS08-068 has been applied.

This ONLY affects Squirtle if your evil agent attempts to communicate back to the victim. It should not impact attacking their IMAP, HTTP or File/Print servers.

As always the goal of Squirtle is to permit others to extend their own tools to permit the use of authentication requests from controlled browsers and at your own time or when the right users click on your evil link!

Have fun with the latest updates and thanks to Natron for pointing me towards HD's analysis.

No comments: