Netbios auditing tool
smb-nat [-o <output>] [-u <userlist>] [-p <passlist>] <address>
smb-nat is a tool written to perform various security checks on systems offering the NetBIOS file sharing service. smb-nat will attempt to retrieve all information availible from the remote server, and attempt to access any services provided by the server.
Specify the output file. All results from the scan will be written to the specified file, in addition to standard output.
Specify the file to read usernames from. Usernames will be read from the specified file when attempting to guess the password on the remote server. Usernames should appear one per line in the specified file. A sample username file can be found at /usr/share/smb-nat/userlist.txt.
Specify the file to read passwords from. Passwords will be read from the specified file when attempting to guess the password on the remote server. Passwords should appear one per line in the specified file. A sample password file can be found at /usr/share/smb-nat/passlist.txt.
Addresses should be specified in comma deliminated format, with no spaces. Valid address specifications include:
hostname - "hostname" is added
127.0.0.1-127.0.0.3, adds addresses 127.0.0.1 through 127.0.0.3
127.0.0.1-3, adds addresses 127.0.0.1 through 127.0.0.3
127.0.0.1-3,7,10-20, adds addresses 127.0.0.1 through 127.0.0.3, 127.0.0.7, 127.0.0.10 through 127.0.0.20.
hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1 through 127.0.0.1
All combinations of hostnames and address ranges as specified above are valid.
If no userlist or password list files are specified on the command line, a small set of defaults are used. This list includes the following:
Usernames
"ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN", "USER", "DEMO", "TEST", "SYSTEM", "OPERATOR", "OPER", "LOCAL"
Passwords
"ADMINISTRATOR", "GUEST", "ROOT", "ADMIN", "PASSWORD", "TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES", "DEMO", "TEST", "ACCESS", "USER", "BACKUP", "SYSTEM", "SERVER", "LOCAL"
The password guessing routines are written in such a way that all passwords are tried for all usernames. Keep this in mind when using larger lists of passwords and usernames, as the time required increases exponentially with the size of these lists.
This version of smb-nat has been tested against Windows NT 4.0 and various versions of the Samba server written by Andrew Tridgell.
This version of smb-nat has been tested and compiled on the following operating systems: Solaris 2.5, Linux 2.0, FreeBSD 2.1.5, OpenBSD 2.0, BSDI 2.1, Windows NT 4.0, Windows 95
smb-nat, /usr/share/smb-nat/userlist.txt, /usr/share/smb-nat/passlist.txt