SMBRelay

SMBRelay and SMBRelay2 are computer programs that can be used to carry out SMB man-in-the-middle (mitm) attacks on Windows machines. They were written by Sir Dystic of CULT OF THE DEAD COW (cDc) and released March 21, 2001 at the @lantacon convention in Atlanta, Georgia. More than seven years after its release, Microsoft released a patch that fixed the hole exploited by SMBRelay. This fix only fixes the vulnerability when the SMB is reflected back to the client. If it is forwarded to another host, the vulnerability can be still exploited.

SMBRelay

SMBrelay receives a connection on UDP port 139 and relays the packets between the client and server of the connecting Windows machine to the originating computer's port 139. It modifies these packets when necessary.

After connecting and authenticating, the target's client is disconnected and SMBRelay binds to port 139 on a new IP address. This relay address can then be connected to directly using "net use \\192.1.1.1" and then used by all of the networking functions built into Windows. The program relays all of the SMB traffic, excluding negotiation and authentication. As long as the target host remains connected, the user can disconnect from and reconnect to this virtual IP.

This page contains text from Wikipedia, the Free Encyclopedia - https://wn.com/SMBRelay

Podcasts:

Email this Page Play all in Full Screen Show More Related Videos

back

Most Related
Most Recent
Most Popular
Top Rated

expand screen to full width
repeat playlist
shuffle
replay video
clear playlist restore
images list

PLAYLIST TIME:

SMBRelay

SMBRelay

Podcasts:

EXPLORE WN.com