Notices where this attachment appears
-
Embed this notice
DilDog (dildog@hackers.town)'s status on Monday, 23-Jan-2023 03:56:45 JST 
DilDog
That time i basically invented pass the hash exploits / ntlm challenge forwarding but didnt get credit because i kept the real exploit for this issue a secret. 23 years later i regret not posting my modified smbclient that did connectback pth in 2000…
AtStake would have fired me because despite the l0pht’s best efforts they put a moratorium on exploit code that could be actually used. The scope and impact of this kind of issue (definitely not limited to telnet haha, simply file://unc in the right places was enough to trigger auths back then) wasn’t fully realized until much later but anyway, here’s the cve from then.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.