chimera15

After a week of intense study and experimentation I finally totally figured out what this post meant entirely. My problem was simple file sharing. There's no way into a machine with that turned on, even if you know the password, have the firewall down, and everything is there? What about even like remote registry editing? Is there an ipc$ exploit which you can still connect to that works with metasploit, that you can then get in and disable sfs? Alternatively, I've tried some stuff with metasploit framework, but nothing seemed to do the trick, is there one for an xp pro sp3 system that's commonly used that will let me drop sfs? I guess I have to do some more research. lol

Yes I read about a way to make the machine completely open, with no password, but I don't want to do that, because of the reason you said. I'm trying to go for a null password that will keep everyone else out but me. If you do it with a password, it's been shown it's way too easy to hack.

Ah that's interesting. I haven't heard of a reverse shell before.. I'll research that. I had read about a bunch of metasploits that would allow it that were patched. Thanks a lot.

It'd be easier if I could find a software that already worked without having to use a password though wouldn't it? Then figure out how to remote install it without having to log into the machine... I mean I've tried everything I can find, I've even tried like prorat and stuff like that, and no go. sigh

I see. So what I need really is like a worm that I could drop into the shared folder and it'd then install itself or something...

Yeah, I know that. That's the response I've gotten on every post I've ever seen or made, but how does it stop it then? At least what's the logic of it. Does it say, because there's no password, I'm not letting anyone in, or is it just that noon can give the right password, so it doesn't let anyone in? For instance, maybe there's a character set that you could input that would equal a null password. There has to be some vulnerability somewhere. The machines still have ports open, so they must be vulnerable through that at least? How did gateway remote control my system, was it through rdp or something? The machine is still susceptible through virus's and trojans, so how would that work, and which ones? My next idea was to try to make use of a remote password changer, to change the password from null to something, but never got around to actually doing it.

Almost all my xp machines are set up on my network with null passwords, but have sharing enabled. Is there a way to log into a remote xp machine with a null password? Maybe if I dumped a trojan in a shared folder or something?(although I don't like this method cause it would compromise security of course) Currently I can't use remote desktop or anything, even with the client installed on the remote machine, it still wants the system password. I have been able to receive remote desktop help from gateway though with remote service, is there a special one that isn't based on vnc or something like that? Would a remote password changer work?