Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

smb-nat(1) [debian man page]

NAT(1)							      General Commands Manual							    NAT(1)

NAME

       smb-nat - NetBIOS Auditing Tool

SYNOPSIS

       smb-nat [-o <output>] [-u <userlist>] [-p <passlist>] <address>

DESCRIPTION

       smb-nat is a tool written to perform various security checks on systems offering the NetBIOS file sharing service.  smb-nat will attempt to
       retrieve all information availible from the remote server, and attempt to access any services provided by the server.

OPTIONS

       -o     Specify the output file.	All results from the scan will be written to the specified file, in addition to standard output.

       -u     Specify the file to read usernames from.	Usernames will be read from the specified file when attempting to guess  the  password	on
	      the  remote  server.   Usernames	should	appear	one  per  line	in  the  specified  file.   A sample username file can be found at
	      /usr/share/smb-nat/userlist.txt.

       -p     Specify the file to read passwords from.	Passwords will be read from the specified file when attempting to guess  the  password	on
	      the  remote  server.   Passwords	should	appear	one  per  line	in  the  specified  file.   A sample password file can be found at
	      /usr/share/smb-nat/passlist.txt.

       <address>
	      Addresses should be specified in comma deliminated format, with no spaces.  Valid address specifications include:

	      hostname - "hostname" is added

	      127.0.0.1-127.0.0.3, adds addresses 127.0.0.1 through 127.0.0.3

	      127.0.0.1-3, adds addresses 127.0.0.1 through 127.0.0.3

	      127.0.0.1-3,7,10-20, adds addresses 127.0.0.1 through 127.0.0.3, 127.0.0.7, 127.0.0.10 through 127.0.0.20.

	      hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1 through 127.0.0.1

	      All combinations of hostnames and address ranges as specified above are valid.

       If no userlist or password list files are specified on the command line, a small set of defaults are used.  This list includes the  follow-
       ing:

	 Usernames

	 "ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN", "USER", "DEMO", "TEST", "SYSTEM", "OPERATOR", "OPER", "LOCAL"

	 Passwords

	 "ADMINISTRATOR",  "GUEST",  "ROOT",  "ADMIN",	"PASSWORD",  "TEMP",  "SHARE",	"WRITE",  "FULL", "BOTH", "READ", "FILES", "DEMO", "TEST",
       "ACCESS", "USER", "BACKUP", "SYSTEM", "SERVER", "LOCAL"

       The password guessing routines are written in such a way that all passwords are tried for all usernames.  Keep  this  in  mind  when  using
       larger lists of passwords and usernames, as the time required increases exponentially with the size of these lists.

SUPPORTED PLATFORMS

       This version of smb-nat has been tested against Windows NT 4.0 and various versions of the Samba server written by Andrew Tridgell.

       This  version  of  smb-nat  has been tested and compiled on the following operating systems: Solaris 2.5, Linux 2.0, FreeBSD 2.1.5, OpenBSD
       2.0, BSDI 2.1, Windows NT 4.0, Windows 95

FILES

       smb-nat, /usr/share/smb-nat/userlist.txt, /usr/share/smb-nat/passlist.txt

																	    NAT(1)

Check Out this Related Man Page

TFTP-PROXY(8)						    BSD System Manager's Manual 					     TFTP-PROXY(8)

NAME

     tftp-proxy -- Internet Trivial File Transfer Protocol proxy

SYNOPSIS

     tftp-proxy [-v] [-w transwait]

DESCRIPTION

     tftp-proxy is a proxy for the Internet Trivial File Transfer Protocol invoked by the inetd(8) internet server.  TFTP connections should be
     redirected to the proxy using the pf(4) rdr command, after which the proxy connects to the server on behalf of the client.

     The proxy establishes a pf(4) rdr rule using the anchor facility to rewrite packets between the client and the server.  Once the rule is
     established, tftp-proxy forwards the initial request from the client to the server to begin the transfer.	After transwait seconds, the pf(4)
     NAT state is assumed to have been established and the rdr rule is deleted and the program exits.  Once the transfer between the client and
     the server is completed, the NAT state will naturally expire.

     Assuming the TFTP command request is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is
     negotiated, tftp-proxy adds the following rule to the anchor:

	   rdr proto udp from $server to $proxy port $port -> $client

     The options are as follows:

     -v      Log the connection and request information to syslogd(8).

     -w transwait
	     Number of seconds to wait for the data transmission to begin before removing the pf(4) rdr rule.  The default is 2 seconds.

CONFIGURATION

     To make use of the proxy, pf.conf(5) needs the following rules.  The anchors are mandatory.  Adjust the rules as needed for your configura-
     tion.

     In the NAT section:

	   nat on $ext_if from $int_if -> ($ext_if:0)

	   no nat on $ext_if to port tftp

	   rdr-anchor "tftp-proxy/*"
	   rdr on $int_if proto udp from $lan to any port tftp -> 
	       127.0.0.1 port 6969

     In the filter section, an anchor must be added to hold the pass rules:

	   anchor "tftp-proxy/*"

     inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4).  An example inetd.conf(5) entry fol-
     lows:

	   127.0.0.1:6969  dgram   udp	   wait    root 
		   /usr/libexec/tftp-proxy tftp-proxy

SEE ALSO

     tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)

CAVEATS

     tftp-proxy chroots to /var/empty and changes to user ``proxy'' to drop privileges.

BSD
								 November 28, 2005							       BSD
Man Page