From: Thor (thor@hammerofgod.com)
Date: Thu Oct 09 2003 - 13:31:02 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings Security Professionals:
I need to make a correction to an earlier post where I announced the new
version of TSGrinder.
I posted:
"One cool thing is that even if you lock out an account, you can
continue to BF it; since the RDP logon is an extension of the normal
console logon, you can tell when you get valid creds by the "your
account is locked out" message as opposed to the normal "bad username
and password" message."
As Eliot Mansfield pointed out in an email to me, this is not correct. You
can only determine if
you have ascertained a correct username, but not the password, as you get
the "locked out" message
whether you enter a correct password or not- this is case for Win2k, Win2k3,
and XP.
I should have tested this better before posting, and I apologize for
dispensing incorrect information.
Thanks to Eliot for correcting me.
Cheers,
AD
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBP4Wa9IhsmyD15h5gEQJO3ACgsbGiwrkZT1L3sUsHcOBZn6ze8h8AoPLl
ivPEEoEFEDIvgAJpX/yMH4Qe
=Va0g
-----END PGP SIGNATURE-----
---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT