[Snort-sigs] FP on BLEEDING-EDGE Pwdump3e Password Hash Retrieval

Matt Ostiguy ostiguy at ...2420...
Fri Jul 30 07:30:59 EDT 2004


I am running the current rules for pwdump3e, and got this FP. This is
from a Windows fileserver we use to dump the contents of CDs from
which to install. Don't know what program was being accessed
through Windows file sharing that generated this:

000 : 00 00 00 00 00 03 00 31 00 3A 00 31 00 03 00 31   .......1.:.1...1
010 : 00 3A 00 32 00 05 00 31 00 3A 00 32 00 2E 00 35   .:.2...1.:.2...5
020 : 00 03 00 31 00 3A 00 35 00 04 00 31 00 3A 00 31   ...1.:.5...1.:.1
030 : 00 30 00 04 00 31 00 3A 00 32 00 30 00 04 00 31   .0...1.:.2.0...1
040 : 00 3A 00 32 00 35 00 04 00 31 00 3A 00 35 00 30   .:.2.5...1.:.5.0
050 : 00 05 00 31 00 3A 00 31 00 30 00 30 00 05 00 31   ...1.:.1.0.0...1
060 : 00 3A 00 32 00 30 00 30 00 05 00 31 00 3A 00 35   .:.2.0.0...1.:.5
070 : 00 30 00 30 00 06 00 31 00 3A 00 31 00 30 00 30   .0.0...1.:.1.0.0
080 : 00 30 00 04 00 31 00 30 00 3A 00 31 00 04 00 32   .0...1.0.:.1...2
090 : 00 30 00 3A 00 31 00 04 00 35 00 30 00 3A 00 31   .0.:.1...5.0.:.1
0a0 : 00 00 00 05 00 31 00 30 00 30 00 3A 00 31 00 00   .....1.0.0.:.1..
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07   ................
0e0 : 00 43 00 6F 00 6E 00 76 00 65 00 72 00 74 00 0D   .C.o.n.v.e.r.t..
0f0 : 00 43 00 6F 00 6E 00 76 00 65 00 72 00 74 00 69   .C.o.n.v.e.r.t.i
100 : 00 6E 00 67 00 2E 00 2E 00 2E 00 00 00 00 00 00   .n.g............
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
130 : 00 00 00 00 00 00 00 01 00 30 00 01 00 7C 00 00   .........0...|..
140 : 00 00 00 06 00 41 00 54 00 54 00 52 00 49 00 42   .....A.T.T.R.I.B
150 : 00 06 00 49 00 4E 00 53 00 45 00 52 00 54 00 05   ...I.N.S.E.R.T..
160 : 00 53 00 63 00 61 00 6C 00 65 00 20 00 22 00 53   .S.c.a.l.e. .".S
170 : 00 63 00 61 00 6C 00 65 00 20 00 72 00 65 00 6C   .c.a.l.e. .r.e.l
180 : 00 61 00 74 00 69 00 76 00 65 00 20 00 74 00 6F   .a.t.i.v.e. .t.o
190 : 00 20 00 50 00 61 00 70 00 65 00 72 00 20 00 73   . .P.a.p.e.r. .s
1a0 : 00 70 00 61 00 63 00 65 00 2E 00 22 00 0E 00 56   .p.a.c.e..."...V
1b0 : 00 69 00 65 00 77 00 50 00 6F 00 72 00 74 00 20   .i.e.w.P.o.r.t. 
1c0 : 00 73 00 63 00 61 00 6C 00 65 00 00 00 00 00 00   .s.c.a.l.e......
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1e0 : 00 00 00 00 00 00 00 00 00 11 00 41 00 75 00 74   ...........A.u.t
1f0 : 00 6F 00 43 00 41 00 44 00 20 00 52 00 65 00 6C   .o.C.A.D. .R.e.l
200 : 00 65 00 61 00 73 00 65 00 20 00 37 00 11 00 41   .e.a.s.e. .7...A
210 : 00 75 00 74 00 6F 00 43 00 41 00 44 00 20 00 52   .u.t.o.C.A.D. .R
220 : 00 65 00 6C 00 65 00 61 00 73 00 65 00 20 00 38   .e.l.e.a.s.e. .8
230 : 00 11 00 41 00 75 00 74 00 6F 00 43 00 41 00 44   ...A.u.t.o.C.A.D
240 : 00 20 00 52 00 65 00 6C 00 65 00 61 00 73 00 65   . .R.e.l.e.a.s.e
250 : 00 20 00 39 00 12 00 41 00 75 00 74 00 6F 00 43   . .9...A.u.t.o.C
260 : 00 41 00 44 00 20 00 52 00 65 00 6C 00 65 00 61   .A.D. .R.e.l.e.a
270 : 00 73 00 65 00 20 00 31 00 30 00 12 00 41 00 75   .s.e. .1.0...A.u
280 : 00 74 00 6F 00 43 00 41 00 44 00 20 00 52 00 65   .t.o.C.A.D. .R.e
290 : 00 6C 00 65 00 61 00 73 00 65 00 20 00 31 00 31   .l.e.a.s.e. .1.1
2a0 : 00 12 00 41 00 75 00 74 00 6F 00 43 00 41 00 44   ...A.u.t.o.C.A.D
2b0 : 00 20 00 52 00 65 00 6C 00 65 00 61 00 73 00 65   . .R.e.l.e.a.s.e
2c0 : 00 20 00 31 00 32 00 12 00 41 00 75 00 74 00 6F   . .1.2...A.u.t.o
2d0 : 00 43 00 41 00 44 00 20 00 52 00 65 00 6C 00 65   .C.A.D. .R.e.l.e
2e0 : 00 61 00 73 00 65 00 20 00 31 00 33 00 12 00 41   .a.s.e. .1.3...A
2f0 : 00 75 00 74 00 6F 00 43 00 41 00 44 00 20 00 52   .u.t.o.C.A.D. .R
300 : 00 65 00 6C 00 65 00 61 00 73 00 65 00 20 00 31   .e.l.e.a.s.e. .1
310 : 00 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00   .4..............
320 : 00 00 00 0B 00 26 00 43 00 6F 00 6E 00 76 00 65   .....&.C.o.n.v.e
330 : 00 72 00 74 00 2E 00 2E 00 2E 00 0E 00 26 00 50   .r.t.........&.P
340 : 00 72 00 6F 00 70 00 65 00 72 00 74 00 69 00 65   .r.o.p.e.r.t.i.e
350 : 00 73 00 2E 00 2E 00 2E 00 00 00 00 00 00 00 00   .s..............
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00               ............
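
Added example, not part of the original post: a small triage helper that parses dump lines in the format above, pulls out the UTF-16LE text to identify the application behind the traffic, and reports where a short byte pattern lands in the payload. The post does not quote the rule, so the pattern tested here (ASSUMED_PATTERN) is an assumption chosen for illustration; the function names are likewise hypothetical.

```python
import re

# Five lines copied from the dump in the post (offsets 060-070 and 1e0-200).
SAMPLE = """\
060 : 00 3A 00 32 00 30 00 30 00 05 00 31 00 3A 00 35   .:.2.0.0...1.:.5
070 : 00 30 00 30 00 06 00 31 00 3A 00 31 00 30 00 30   .0.0...1.:.1.0.0
1e0 : 00 00 00 00 00 00 00 00 00 11 00 41 00 75 00 74   ...........A.u.t
1f0 : 00 6F 00 43 00 41 00 44 00 20 00 52 00 65 00 6C   .o.C.A.D. .R.e.l
200 : 00 65 00 61 00 73 00 65 00 20 00 37 00 11 00 41   .e.a.s.e. .7...A
"""

HEX_LINE = re.compile(r"^([0-9a-fA-F]+) : ((?:[0-9a-fA-F]{2} ?)+)")
WIDE_TEXT = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")  # printable ASCII as UTF-16LE

def parse_dump(text):
    """Return [(start_offset, bytes)], merging lines whose offsets are contiguous."""
    runs = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        offset, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if runs and runs[-1][0] + len(runs[-1][1]) == offset:
            runs[-1] = (runs[-1][0], runs[-1][1] + data)
        else:
            runs.append((offset, data))
    return runs

def wide_strings(runs):
    """Decode runs of UTF-16LE text, the encoding visible in the dump."""
    return [m.group().decode("utf-16-le")
            for _, data in runs for m in WIDE_TEXT.finditer(data)]

def pattern_hits(runs, pattern):
    """Absolute payload offsets at which `pattern` occurs."""
    hits = []
    for start, data in runs:
        pos = data.find(pattern)
        while pos != -1:
            hits.append(start + pos)
            pos = data.find(pattern, pos + 1)
    return hits

# Assumed pattern for illustration only; the post does not quote the rule's content.
ASSUMED_PATTERN = ":500".encode("utf-16-le")

if __name__ == "__main__":
    runs = parse_dump(SAMPLE)
    print(wide_strings(runs))
    print([hex(o) for o in pattern_hits(runs, ASSUMED_PATTERN)])
```

Strings cut off at the edge of the sampled lines come out truncated; running the helper over the full dump avoids that.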



