Date : Wed, 02 Nov 2011 21:57:41 +0000
From : jgh@... (jgh@...)
Subject: Request for Help - Security Research Project
Phil Blundell wrote:
> result". So, although you couldn't actually recover the password from
> the wire traffic, you could recover the hash which was just as good as
> the password for the purpose of logging on.
You could grab the hash off the wire, but it was of no use to you
as it was only valid for the station that had requested it, and
only if the following NetFS_op was an attempt to log on, so the
only way you could do it was to nip around to the logging-on
station and pull out the network cable at the correct millisecond
between the NetFS_Op(PasswordHash) and the NetFS_Op(Command),
change your station's network ID to the other machine's, and send
a hashed NetFS_Op(Command) from your station with its new ID, all
within less than a second or so.
JGH