--- nat-1.0.orig/nmb.c +++ nat-1.0/nmb.c @@ -40,7 +40,6 @@ #endif /* SCANNER */ int Debug1(char *, ...); -int Debug1(); int num_good_sends=0; int num_good_receives=0; --- nat-1.0.orig/nat.1 +++ nat-1.0/nat.1 @@ -17,10 +17,12 @@ Specify the file to read \fBusernames\fP from. Usernames will be read from the specified file when attempting to guess the password on the remote server. Usernames should appear one per line in the specified file. +A sample username file can be found at \fB/usr/share/nat/userlist.txt\fP. .IP \fB-p\fP Specify the file to read \fBpasswords\fP from. Passwords will be read from the specified file when attempting to guess the password on the remote server. Passwords should appear one per line in the specified file. +A sample password file can be found at \fB/usr/share/nat/passlist.txt\fP. .IP \fB
\fP Addresses should be specified in comma deliminated format, with no spaces. Valid address specifications include: @@ -68,4 +70,4 @@ \fBWindows 95\fP .SH FILES -\fBnat\fP, \fBuserlist.txt\fP, \fBpasslist.txt\fP +\fBnat\fP, \fB/usr/share/nat/userlist.txt\fP, \fB/usr/share/nat/passlist.txt\fP --- nat-1.0.orig/client.c +++ nat-1.0/client.c @@ -3613,7 +3613,7 @@ username[0] = '\0'; while (!done) { if (!userfd || !passfd) - uppair(); + done = !uppair(); else { if (fgets(password, sizeof(password), passfd) == NULL) { rewind(passfd); @@ -3636,8 +3636,11 @@ } if ((! *username) && (! *password)) - uppair(); /* sleaze for NT */ + done = !uppair(); /* sleaze for NT */ + if (done) + break; /* Stop when uppair is done */ + #ifdef VERBOSE natprintf("[*]--- Attempting to connect with Username: `%s' Password: `%s'\n", username, password); --- nat-1.0.orig/debian/README.debian +++ nat-1.0/debian/README.debian @@ -0,0 +1,17 @@ +nat for DEBIAN +-------------- + +I (Javier) made this package without being aware that Cristoph Lameter +had already done one for previous Debian releases (it was included, +at least, in Debian 2.0 and Debian 2.1). This package is being sent +again into Debian since it's useful as an audit tool. + +Javier Fernandez-Sanguino , Mon, 11 Nov 2002 12:30:13 +0100 + + +The previous README.Debian is replicated here (it's no longer valid): + +This package is up for adoption. If you want to maintain it for the Debian +Project then please write me. + +Christoph Lameter , Mon, 18 Aug 1997 19:00:01 -0700 --- nat-1.0.orig/debian/changelog +++ nat-1.0/debian/changelog 
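Review bot: The second assignment, `done = !uppair(); /* sleaze for NT */`, replaces whatever value `done` already holds, so a stop condition set earlier in the same iteration by the file-reading `else` branch could be cleared again when uppair() returns non-zero; most of that branch lies outside the hunks, so this is inferred rather than shown. Setting the flag only, `if (!uppair()) done = 1;`, would keep an earlier stop decision intact. The fix also depends on uppair() returning zero once its built-in pairs are exhausted, which is not visible here; a short comment at the first call site stating that contract would make the loop exit easier to audit. The loop body starts and ends outside both hunks, and the same change is repeated verbatim in the added `nat-1.0/patch` file.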
@@ -0,0 +1,50 @@
+nat (1:1.0-4) unstable; urgency=low
+
+ * Applied patch from Andreas Jochens to fix a FTBFS with gcc-3.4
+ (Closes: #260670)
+
+ -- Javier Fernandez-Sanguino Pen~a Sun, 13 Feb 2005 12:20:43 +0100
+
+nat (1:1.0-3) unstable; urgency=low
+
+ * Applied patch contributed by Jasper van Woudenberg that
+ should prevent if from segfaulting against w2k targets
+ (Closes: #171692)
+ * Fixed lintian warning
+
+ -- Javier Fernandez-Sanguino Pen~a Thu, 3 Apr 2003 23:09:28 +0200
+
+nat (1:1.0-2) unstable; urgency=low
+
+ * Fixed description (Closes: #171584)
+
+ -- Javier Fernandez-Sanguino Pen~a Tue, 3 Dec 2002 18:36:30 +0100
+
+nat (1:1.0-1) unstable; urgency=low
+
+ * Initial Release (at least I thought it was until I found Christoph's
+ packages) (Closes: #148988)
+ * Fixed Makefile to use -DNO_ASMSIGNALH in order to compile properly.
+ * This package was removed for some reason from Debian 2.1 to Debian 2.2
+ since I do not see any (legal) reason for it's removal I'm uploading
+ it again.
+ * Fixed the version (it's not 10, it's 1.0!), used epochs in new package
+ just in case.
+ * Changed the name of program/manpage from 'nat' to 'smb-nat' (less
+ generic)
+
+ -- Javier Fernandez-Sanguino Pen~a Thu, 30 May 2002 00:03:46 +0200
+
+smb-nat (10-2) unstable; urgency=low
+
+ * Renamed to smb-nat from nat
+ * build for hamm.
+
+ -- Christoph Lameter Mon, 13 Oct 1997 20:02:59 -0700
+
+nat (10-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Lameter Mon, 18 Aug 1997 19:00:01 -0700
+
--- nat-1.0.orig/debian/dirs
+++ nat-1.0/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/share/smb-nat
--- nat-1.0.orig/debian/control
+++ nat-1.0/debian/control
@@ -0,0 +1,18 @@
+Source: nat
+Section: admin
+Priority: extra
+Maintainer: Javier Fernandez-Sanguino Pen~a
+Build-Depends: debhelper (>> 3.0.0)
+Standards-Version: 3.5.2
+
+Package: smb-nat
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: nat
+Conflicts: nat
+Provides: nat
+Description: Netbios Auditing Tool
+ This tool can perform various security checks on remote
+ servers running NetBIOS file sharing services. It
+ is capable of enumerating shares and make break-in attempts
+ using a (user-provided) list of users and passwords.
--- nat-1.0.orig/debian/rules
+++ nat-1.0/debian/rules
@@ -0,0 +1,87 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+export DH_COMPAT=3
+
+
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+ INSTALL_PROGRAM += -s
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # Add here commands to configure the package.
+
+ touch configure-stamp
+
+
+build: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+
+ # Add here commands to compile the package.
+ $(MAKE)
+ #/usr/bin/docbook-to-man debian/nat.sgml > nat.1
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ # Add here commands to clean up after the build process.
+ -$(MAKE) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ install -m 755 nat $(CURDIR)/debian/smb-nat/usr/bin/smb-nat
+ install -m 644 userlist.txt $(CURDIR)/debian/smb-nat/usr/share/smb-nat
+ install -m 644 passlist.txt $(CURDIR)/debian/smb-nat/usr/share/smb-nat
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+# dh_installdebconf
+ dh_installdocs
+ dh_installexamples
+ dh_installmenu
+ dh_installman debian/smb-nat.1
+ dh_installinfo
+# dh_undocumented
+ dh_installchangelogs
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- nat-1.0.orig/debian/copyright
+++ nat-1.0/debian/copyright
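Review bot: `CFLAGS += -g` and `INSTALL_PROGRAM += -s` are set at the top of debian/rules but never reach the build: the `build-stamp` recipe runs a bare `$(MAKE)` and the `install` recipe calls `install -m 755 nat …` directly, so `DEB_BUILD_OPTIONS=debug` appears to have no effect unless CFLAGS is already in the environment. Passing the value explicitly, e.g. `$(MAKE) CFLAGS="$(CFLAGS)"`, would close that gap, provided the upstream Makefile (not shown) does not depend on its own CFLAGS for required defines such as the `-DNO_ASMSIGNALH` mentioned in the changelog. The same hand-off is what any distribution-supplied compiler hardening flags would need in order to apply to this network-facing C code.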
@@ -0,0 +1,64 @@
+This package was debianized (before seeing that Cristoph had done
+it quite a while back) by Javier Fernandez-Sanguino Peņa on
+Thu, 30 May 2002 00:03:46 +0200.
+
+This package was debianized by Christoph Lameter clameter@debian.org on
+Mon, 18 Aug 1997 19:00:01 -0700.
+
+It was downloaded from http://www.tux.org/pub/security/secnet/tools/nat10/
+(Note, the old upstream site is no longer available:
+ftp.secnet.com:/pub/tools/nat10)
+
+Upstream Authors: Secure Networks Inc.
+
+
+Copyright (C) Secure Networks Inc., January and February, 1997
+Copyright (C) Andrew Tridgell 1992-1995
+
+
+
+Copyright:
+
+NetBIOS Security Kit v1.0
+
+The intention of this package is to perform various security checks on
+remote servers running NetBIOS file sharing services.
+
+For usage, please see the nat.1 man page or nat.1.txt for the text version.
+
+In the grand scheme of NetBIOS and Windows NT security, NAT is fairly small.
+It is, without question a step in the right direction but it like any other
+software, needs further development. In order to continue software like this
+to be available for free, it needs to be a community effort. If you are
+interested in helping NAT grow, we encourage you to mail us at
+nat-dev@secnet.com
+
+This package is entirely based on code written by Andrew Tridgell and
+contains the following license agreement:
+
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1995
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+Debian note: This software is distributed under the GNU General Public License
+you can find a copy of this license in your Debian GNU/Linux system
+under /usr/share/common-licenses/.
+
+
--- nat-1.0.orig/debian/smb-nat.1
+++ nat-1.0/debian/smb-nat.1
@@ -0,0 +1,73 @@
+.TH NAT 1
+.SH NAME
+smb-nat - NetBIOS Auditing Tool
+.SH SYNOPSIS
+smb-nat [-o <\fBoutput\fP>] [-u <\fBuserlist\fP>] [-p <\fBpasslist\fP>] \fB
\fP
+.SH DESCRIPTION
+.PP
+\fBsmb-nat\fP is a tool written to perform various security checks on systems
+offering the NetBIOS file sharing service. \fBsmb-nat\fP will attempt to retrieve
+all information availible from the remote server, and attempt to access any
+services provided by the server.
+.SH OPTIONS
+.IP \fB-o\fP
+Specify the \fBoutput\fP file. All results from the scan will be written to
+the specified file, in addition to standard output.
+.IP \fB-u\fP
+Specify the file to read \fBusernames\fP from. Usernames will be read from
+the specified file when attempting to guess the password on the remote server.
+Usernames should appear one per line in the specified file.
+A sample username file can be found at \fB/usr/share/smb-nat/userlist.txt\fP.
+.IP \fB-p\fP
+Specify the file to read \fBpasswords\fP from. Passwords will be read from
+the specified file when attempting to guess the password on the remote server.
+Passwords should appear one per line in the specified file.
+A sample password file can be found at \fB/usr/share/smb-nat/passlist.txt\fP.
+.IP \fB
\fP
+Addresses should be specified in comma deliminated format, with no spaces.
+Valid address specifications include:
+
+hostname - "hostname" is added
+
+127.0.0.1-127.0.0.3, adds addresses 127.0.0.1 through 127.0.0.3
+
+127.0.0.1-3, adds addresses 127.0.0.1 through 127.0.0.3
+
+127.0.0.1-3,7,10-20, adds addresses 127.0.0.1 through 127.0.0.3, 127.0.0.7,
+127.0.0.10 through 127.0.0.20.
+
+hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1 through 127.0.0.1
+
+All combinations of hostnames and address ranges as specified above are valid.
+.PP
+If no userlist or password list files are specified on the command line,
+a small set of defaults are used. This list includes the following:
+
+ \fBUsernames\fP
+
+ "ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN", "USER", "DEMO", "TEST", "SYSTEM", "OPERATOR", "OPER", "LOCAL"
+
+ \fBPasswords\fP
+
+ "ADMINISTRATOR", "GUEST", "ROOT", "ADMIN", "PASSWORD", "TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES", "DEMO", "TEST", "ACCESS", "USER", "BACKUP", "SYSTEM", "SERVER", "LOCAL"
+
+The password guessing routines are written in such a way that all passwords are
+tried for all usernames. Keep this in mind when using larger lists of passwords
+and usernames, as the time required increases exponentially with the size of
+these lists.
+.SH SUPPORTED PLATFORMS
+This version of \fBsmb-nat\fP has been tested against Windows NT 4.0 and various
+versions of the Samba server written by Andrew Tridgell.
+.PP
+This version of \fBsmb-nat\fP has been tested and compiled on the following
+operating systems:
+\fBSolaris\fP 2.5,
+\fBLinux\fP 2.0,
+\fBFreeBSD\fP 2.1.5,
+\fBOpenBSD\fP 2.0,
+\fBBSDI\fP 2.1,
+\fBWindows NT\fP 4.0,
+\fBWindows 95\fP
+
+.SH FILES
+\fBsmb-nat\fP, \fB/usr/share/smb-nat/userlist.txt\fP, \fB/usr/share/smb-nat/passlist.txt\fP
--- nat-1.0.orig/debian/docs
+++ nat-1.0/debian/docs
@@ -0,0 +1 @@
+README
--- nat-1.0.orig/patch
+++ nat-1.0/patch
@@ -0,0 +1,25 @@
+diff -Naur nat-1.0.orig/client.c nat-1.0/client.c
+--- nat-1.0.orig/client.c 1997-02-17 04:18:04.000000000 +0100
++++ nat-1.0/client.c 2003-02-20 14:24:53.000000000 +0100
+@@ -3613,7 +3613,7 @@
+ username[0] = '\0';
+ while (!done) {
+ if (!userfd || !passfd)
+- uppair();
++ done = !uppair();
+ else {
+ if (fgets(password, sizeof(password), passfd) == NULL) {
+ rewind(passfd);
+@@ -3636,8 +3636,11 @@
+ }
+
+ if ((! *username) && (! *password))
+- uppair(); /* sleaze for NT */
++ done = !uppair(); /* sleaze for NT */
+
++ if (done)
++ break; /* Stop when uppair is done */
++
+ #ifdef VERBOSE
+ natprintf("[*]--- Attempting to connect with Username: `%s' Password: `%s'\n",
+ username, password);