Penetration Testing mailing list archives

Re: [PEN-TEST] NetBIOS Auditing Tool


From: Erik Tayler <erik () digitaloffense net>
Date: Tue, 10 Oct 2000 15:08:20 -0500

I can't speak for the original poster, but I would assume he is using the
nbaudit that is in the FreeBSD ports [I can see it in 4.0 at least]. If you
download the source, after compilation, there are two binaries, "nat" and
"nbaudit". Description is below:

NetBIOS Auditing Tool / Security Kit

The intention of this package is to perform various security checks on
remote servers running NetBIOS file sharing services.
nat will attempt to retrieve all information available from the remote
server, and attempt to access any services provided by the server.

-- David O'Brien
  obrien () NUXI com

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Oliver Friedrichs
Sent: Tuesday, October 10, 2000 2:26 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: NetBIOS Auditing Tool


We released NAT back at Secure Networks a few years ago.  I don't know if
this is the same NAT you're referring to.  It was essentially an older version
of Samba that had some heavy changes made to it (Samba code is not pleasant
to look at or work with).  It was automated to grab the NetBIOS name and
password account names in an attempt to access file shares.  Full source was
released, since it was GNU to begin with.  It could very well have been
compiled on NT using gnu-win32, but as it stood, it had a tendency to be
unstable.

I do recall some other similar tools being released as well by others, and I
think someone also called theirs NAT, so I don't know which tool you're using.
I did write a much better version from scratch called smbgrind (that didn't
use Samba code), which is part of CyberCop Scanner; it allows you to specify
any number of parallel grinders, so you can have 10+ connections guessing
passwords in parallel.  I believe you can still download a fully functional
trial version from the NAI site.

