NAME
smb-nat - NetBIOS Auditing Tool
SYNOPSIS
smb-nat [-o <output>] [-u <userlist>] [-p <passlist>] <address>
DESCRIPTION
smb-nat is a tool written to perform various security checks on systems
offering the NetBIOS file sharing service. smb-nat will attempt to
retrieve all information availible from the remote server, and attempt
to access any services provided by the server.
OPTIONS
-o Specify the output file. All results from the scan will be
written to the specified file, in addition to standard output.
-u Specify the file to read usernames from. Usernames will be read
from the specified file when attempting to guess the password on
the remote server. Usernames should appear one per line in the
specified file. A sample username file can be found at
/usr/share/smb-nat/userlist.txt.
-p Specify the file to read passwords from. Passwords will be read
from the specified file when attempting to guess the password on
the remote server. Passwords should appear one per line in the
specified file. A sample password file can be found at
/usr/share/smb-nat/passlist.txt.
<address>
Addresses should be specified in comma deliminated format, with
no spaces. Valid address specifications include:
hostname - "hostname" is added
127.0.0.1-127.0.0.3, adds addresses 127.0.0.1 through 127.0.0.3
127.0.0.1-3, adds addresses 127.0.0.1 through 127.0.0.3
127.0.0.1-3,7,10-20, adds addresses 127.0.0.1 through 127.0.0.3,
127.0.0.7, 127.0.0.10 through 127.0.0.20.
hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1 through
127.0.0.1
All combinations of hostnames and address ranges as specified
above are valid.
If no userlist or password list files are specified on the command
line, a small set of defaults are used. This list includes the
following:
Usernames
"ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN", "USER", "DEMO",
"TEST", "SYSTEM", "OPERATOR", "OPER", "LOCAL"
Passwords
"ADMINISTRATOR", "GUEST", "ROOT", "ADMIN", "PASSWORD", "TEMP",
"SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES", "DEMO", "TEST",
"ACCESS", "USER", "BACKUP", "SYSTEM", "SERVER", "LOCAL"
The password guessing routines are written in such a way that all
passwords are tried for all usernames. Keep this in mind when using
larger lists of passwords and usernames, as the time required increases
exponentially with the size of these lists.
SUPPORTED PLATFORMS
This version of smb-nat has been tested against Windows NT 4.0 and
various versions of the Samba server written by Andrew Tridgell.
This version of smb-nat has been tested and compiled on the following
operating systems: Solaris 2.5, Linux 2.0, FreeBSD 2.1.5, OpenBSD 2.0,
BSDI 2.1, Windows NT 4.0, Windows 95
FILES
smb-nat, /usr/share/smb-nat/userlist.txt, /usr/share/smb-
nat/passlist.txt
NAT(1)