""ET EXPLOIT Pwdump3e Password Hash Retrieval port 139""

SID: 2000568

Revision: 11

Class Type: misc-attack

Metadata: created_at 2010_07_30, updated_at 2010_11_04

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: 139

Destination Network: any

Destination Port: any

Flow: from_server,established

Contents:

• Value: "|3a 00|5|00|0|00|0|3a|"

Within:

PCRE:

Special Options:

source