- The SMB Downgrade Attacker FAQ -

Q: How do I unbind TCP port 139 in Windows NT?
A: Click Start - Settings - Control Panel - Network - Bindings. Select "all protocols" and mark "WINS Client (TCP/IP)". Then click Disable - OK. Reboot your computer for the change to take effect.
Q: When I try to map a share on the computer running the SMB Downgrade Attacker, I get the error message "System error 1240 has occurred. The account is not authorized to login from this station.". What's wrong?
A: The client computer is probably Windows NT 4.0 with SP3 or later. If it is, the SMB redirector refuses to send plaintext passwords with the default configuration. However, you can circumvent that (but remember that lowers the security). Go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters and add the value EnablePlainTextPassword as a REG_DWORD that contains the data 1.
Q: What does "Client bailed out!" mean?
A: Most of the time it means that the client refuses to send the password in plaintext.
Q: I have problems with the SMB Downgrade Attacker and Windows 9x, what should I do?
A: The SMB Downgrade Attacker has only been written and tested on Windows NT. If it works on other systems that's great, if it doesn't, that's the reason.
Q: I have a question that is not covered by this FAQ. Where can I get help?
A: Send a mail to winnt@bahnhof.se with your question. I can't promise that I will have time to answer, but I'll do my best.



[Home]  [Security Advisories]  [The Toolbox]  [The Trashcan]

© 1999, Arne Vidström