Networking Security Flaw in Win2K/NT
A new exploit for creating a "middle-man" connection between a client and a server,
via SMB. The exploit was found by Cult of the Dead Cow (aka L0pht (which were 'acquired' by @stake Laboratories who are the same guys that run HNN now)). Eitherways, check out SecurityFocus for the full story...
Update: The tool used to exploit this condition is called SMBRelay. If you're interested, here are the download links:
SMBRelay Win32 source
SMBRelay Win32 binary
SMBRelay2 Win32 source
SMBRelay2 Win32 binary
Incase you're wondering, SMBRelay2 is a similar tool that works at the NetBIOS level, and should work across any protocol NetBIOS is bound to (such as NetBEUI or TCP/IP). Rather
than using IP addresses, SMBRelay2 uses NetBIOS names. It also supports mitm'ing to a third host. However, it currently supports
listening on only one name, so the target must attempt to connect to that name for SMBRelay2 to operate (the local name), so the target
must attempt to access a resource on LocalName.
Enjoy. :)