bLuEScReeN
Hello,
I have tried several ipcscan programs to try to pick up the user/pass of my other computer running winxp with newest updates. It will work on the other two computers in my house that are running win2k, but not on the XP computer.

Using \\XPcomputer\C$ on my computer will prompt me for a user/pass, which I then enter as the remote computer's Administrator/pass, but after I enter them it will prompt me again as if I entered them incorrectly. But if I type the same thing on the XPcomputer itself it will work of course. While this will work on the other win2k computers it just won't work on the XP computer.

Netbios is on, as is the guest account with an empty password. There is no firewall, ports 135, 139 and 445 are open and picked up on a scan. Starting to wonder if it is just something with updated XP computers or it is just me. I am just not sure what else I need to do, if anyone has any suggestions please let me know.

Thanks,
bLuEScReeN

edit: This looks like the same problem I am having http://neworder.box.sk/board.php?disp=1478...=edge0&closed=1
I tried to use psexec and get the same thing "Access denied."
Anyone able to get psexec to work with WinXP?
krackatoa
I haven't had many problems accessing XP across a network, but I've always connected to XP Pro, not Home edition. I've run psexec on XP, just executing as well as copy and execute.

The only time I've seen the prompt after I entered a valid account, I was able to bypass by prefixing the local machine name before the user name, like how you do it in a domain environment.

machinename\username

so net use z: \\targetip\c$ password /user:machinename\username

or if in domain

net use z: \\targetip\c$ password /user:domainname\username

can also try

net use z: \\targetip\c$ password /user:workgroupname\username

If you are still having problems then try a

net use * /delete

to clear existing connections, then retry one of the other methods I mentioned above.
bLuEScReeN
Thanks for the suggestion but it still didn't work.
Those commands work on the 2k machines just fine.

I used
C:\>net use * /delete
You have these remote connections:

\\192.168.1.100\admin$
\\192.168.1.103\IPC$
\\xpcomputer\ipc$
Continuing will cancel the connections.

Do you want to continue this operation? (Y/N) [N]: y
The command completed successfully.

Then
C:\>net use \\192.168.1.103\C$ password /user:xpcomputer\Administrator
System error 5 has occurred.

Access is denied.

I also tried the z: but I am not sure why you would put z: in the first place. If you could clear that up that would be great.
C:\>net use z:\\192.168.1.103\C$ password /user:xpcomputer\Administrator
System error 67 has occurred.

The network name cannot be found.

krackatoa: Does the XP computer you access across a network have the newest windows updates?
deathscythe
The z: is for assigning a local drive letter to the share, like you have your A:, C:, D:

Adding the z in front will assign that drive letter to the remote computer's shared drive on your local machine.
Hope that answered your question.
bLuEScReeN
deathscythe: Thanks for clearing that up for me and I assume it will assign to the drive if it can only make a connection in the first place. But I am still having the same problem as before.
I found yet someone else that seems to be in the same ballpark as me but still no answers.
http://www.computer-forums.co.uk/forum/vie...7&view=previous
krackatoa
They were fully patched systems.

I don't know if the home edition has network access restrictions, I seem to remember that it may have.

Can you do:

net use \\IP\ipc$ password /user:administrator

This will determine if you can connect at all with the account you are using. If you can't do this then you may as well quit trying.

The other thing you can try is sharing a new folder on the xp machine and seeing if you can access that.

bLuEScReeN
Yes, I can do:

net use \\IP\ipc$ password /user:administrator

and it works just fine.

I can access a New folder I shared using the network and by using:

net use \\192.168.1.100\NewFolder password /user:Administrator

The system I am trying to access is also using XP Pro with no service pack with all the windows updates.
krackatoa
Once you have that administrator IPC$ session you should be able to browse right to \\IP\c$ and not be prompted for authentication. If you can't access c$, I'd do a net share and ensure that C$ is shared on the target.

Disable the guest account too. If you don't have pass through permissions, I think XP reverts to the guest account which will end up access denied on C$ since you need admin rights to access it.

If none of that works, I'd need to get my hands on it to get any further.
krackatoa
I see the problem. If you are in a workgroup, by default XP seems to connect you to all remote shares as guest. This does not appear to be the case for domain based systems.

To fix it, go to administrative tools, local security policy, expand the local policies and then click "security options"

Find the network access: Sharing and Security Model for local accounts and change that entry to: Classic - Local users authenticate as themselves

This will fix it
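
A local audit of the three things this thread checks (the sharing model, the Guest account, and the admin shares), as an added example that is not part of any post above. It assumes it is run on the machine hosting the shares, that the policy is read from the `forceguest` registry value under the Lsa key, and that `net user` prints English-locale output.

```bat
@echo off
rem Added example: local audit of the settings discussed in this thread.
rem Run on the machine that hosts the shares, from an administrator prompt.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
set "FG="

rem "Sharing and security model for local accounts" is stored as forceguest:
rem   0x1 = Guest only, 0x0 = Classic.
for /f "tokens=3" %%A in ('reg query "%KEY%" /v forceguest 2^>nul ^| findstr /i "forceguest"') do set "FG=%%A"

if not defined FG (
    echo [?] forceguest not set under %KEY%
) else if /i "%FG%"=="0x1" (
    echo [!] Guest only: remote logons with local accounts are mapped to Guest
) else (
    echo [ok] Classic: local users authenticate as themselves
)

echo.
echo Guest account state, English-locale output assumed:
net user guest | findstr /i /c:"Account active"

echo.
echo Administrative shares currently published:
net share | findstr /i /l "C$ ADMIN$ IPC$"
endlocal
```

With Guest only in effect, an IPC$ session can succeed while C$ still returns error 5, which matches the output posted earlier in the thread.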
bLuEScReeN
ahhh yes!

That did indeed fix it.

Thank you very much.

So I guess it is impossible to brute force an XP machine that is on a workgroup when it has network access: Sharing and Security Model for local accounts set to guest only?
krackatoa
I suppose you could brute force via the IPC$ share but would only be able to access shares other than the default hidden shares.
bLuEScReeN
Alright, do you know of any program that will brute force via the IPC$ share? If not that is fine. It just might come in handy sometime.
rinse
Go on astalavista.com and there's some stuff on there about the RPC exploit and how to use it. It's simple, read about that, it's easier. It works with XP and 2000.
dozolax
yea..astalavista should be good