Comments on: My SQL Exfiltrating Data Over Out Of Band Channels(OOB) http://www.notsosecure.com/folder2/2009/02/13/my-sql-exfiltrating-data-over-out-of-band-channelsoob/ From Pentesters To Pentesters Sun, 22 Aug 2010 14:39:55 +0100 http://wordpress.org/?v=2.8.4 hourly 1 By: kuza55 http://www.notsosecure.com/folder2/2009/02/13/my-sql-exfiltrating-data-over-out-of-band-channelsoob/comment-page-1/#comment-76328 kuza55 Wed, 04 Mar 2009 11:59:51 +0000 http://www.notsosecure.com/folder2/?p=180#comment-76328 Do you know what preconditions need to be satisfied for the app to start sending NTLM credentials? I assume they have to be domain joined, but is there anything else? And do you know how IE has fixed this to stop internet sites from getting user hashes? Given windows file functionality interprets UNC paths natively, this seems like something that could be utilised to hack a whole lot of other software... Do you know what preconditions need to be satisfied for the app to start sending NTLM credentials? I assume they have to be domain joined, but is there anything else? And do you know how IE has fixed this to stop internet sites from getting user hashes?

Given windows file functionality interprets UNC paths natively, this seems like something that could be utilised to hack a whole lot of other software…

]]> By: Reiners http://www.notsosecure.com/folder2/2009/02/13/my-sql-exfiltrating-data-over-out-of-band-channelsoob/comment-page-1/#comment-71945 Reiners Wed, 18 Feb 2009 17:50:10 +0000 http://www.notsosecure.com/folder2/?p=180#comment-71945 very nice :) I remember playing with this before but I couldnt get it working at that time. very nice :) I remember playing with this before but I couldnt get it working at that time.

]]>