Re: [PEN-TEST] NetBIOS Auditing Tool

[Oliver Friedrichs <of () SECURITYFOCUS COM>]

We released NAT back at Secure Networks a few years ago.  I don't know if
this is the same NAT your referring to.  It was essentially an older version
of Samba that had some heavy changes made to it (Samba code is not pleasant
to look at or work with).  It was automated to grab the NetBIOS name and
password account names in an attempt to access file shares.  Full source was
released, since it was GNU to begin with.  It could very well have been
compiled on NT using gnu-win32, but as it stood, it had a tendancy to be
unstable.

I do recall some other similar tools being released as well by others, and I
think someone also called theirs NAT, so I don't know which tool your using.
I did write a much better version from scratch called smbgrind, (that didn't
use Samba code) which is part of CyberCop Scanner, it allows you to specify
any number of parallel grinders, so you can have 10+ connections guessing
passwords in parallel.  I believe you can still download a fully functional
trial version from the NAI site.

- Oliver

> -----Original Message-----
> From: Jacob A. Ansari [mailto:JAnsari () CROWECHIZEK COM]
> Sent: Monday, October 09, 2000 10:27 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: [PEN-TEST] NetBIOS Auditing Tool
>
>
>      Hi,
>
>      I've found a Unix implementation of NetBIOS Auditing Tool called
> nbaudit (don't know if this is a port of NAT from win32 or
> the other way
> around).  Normally it's very useful, but has a nasty habit of
> dumping core
> in the middle of execution.  Has anyone else encountered
> this?  Thanks very
> much.
>
>      Jacob
>
>
>
> Jacob Ansari
> Crowe Chizek and Company, LLP
> Information Risk Management
> (219) 232-3992
> jansari () crowechizek com