--- nat-1.0.orig/Makefile +++ nat-1.0/Makefile @@ -362,17 +362,19 @@ # DON'T EDIT BELOW THIS LINE ###################################################################### -SRCS = nat.c client.c util.c system.c nmb.c charset.c parse_ip.c -OBJS = nat.o client.o util.o system.o nmb.o charset.o parse_ip.o +SRCS = nat.c client.c util.c system.c nmb.c charset.c parse_ip.c sighandler.c +OBJS = nat.o client.o util.o system.o nmb.o charset.o parse_ip.o sighandler.o +CLIENT_OBJS = client.o util.o system.o nmb.o charset.o parse_ip.o sighandler.o CFLAGS1 = -DSTEPPING -DSCANNER -DVERBOSE CFLAGS2 = -DWORKGROUP=\"$(WORKGROUP)\" -DGUEST_ACCOUNT=\"$(GUESTACCOUNT)\" -CFLAGS = $(CFLAGS1) $(CFLAGS2) $(FLAGSM) +CFLAGS = $(CFLAGS1) $(CFLAGS2) $(FLAGSM) -ggdb -Wall +CLIENT_CFLAGS = -DVERBOSE $(CFLAGS2) $(FLAGSM) -ggdb -Wall LIBS = $(LIBSM) all : nat -INCLUDES = version.h local.h includes.h smb.h -PROGS = nat +INCLUDES = version.h local.h includes.h smb.h sighandler.h +PROGS = nat client .SUFFIXES: .SUFFIXES: .c .o .h @@ -384,5 +386,8 @@ nat: $(OBJS) $(CC) $(CFLAGS) -o nat $(STATIC) $(OBJS) $(LIBS) +client: $(CLIENT_OBJS) + $(CC) $(CLIENT_CFLAGS) -o client $(STATIC) $(CLIENT_OBJS) $(LIBS) + clean: rm -f core *.o *~ $(PROGS) --- nat-1.0.orig/client.c +++ nat-1.0/client.c @@ -31,6 +31,7 @@ #endif #include "includes.h" +#include "util.h" #ifndef REGISTER #define REGISTER 0 @@ -2711,7 +2712,7 @@ (CVAL (inbuf, smb_rcls), SVAL (inbuf, smb_err)); /* this "can't happen" but does against misconfigured samba, fer example */ if ((cur_serr == 2) && (sec_mode & 1)) - DEBUG (1,("Wanted TCon passwd in USER-mode sec?!??!\n")); + DEBUG (1,("Wanted TCon passwd in USER-mode sec!!!\n")); return(False); } /* if smb_rcls err */ @@ -3521,7 +3522,7 @@ natprintf("[*]--- CONNECTED with name: %s\n", p); #endif - DEBUG(0,("session to %s (0x%x) open\n", desthost, name_type)); + DEBUG(1,("session to %s (0x%x) open\n", desthost, name_type)); phase = 2; goto phase_2; } else { 
@@ -3613,7 +3614,7 @@ username[0] = '\0'; while (!done) { if (!userfd || !passfd) - uppair(); + done = !uppair(); else { if (fgets(password, sizeof(password), passfd) == NULL) { rewind(passfd); @@ -3636,8 +3637,11 @@ } if ((! *username) && (! *password)) - uppair(); /* sleaze for NT */ + done = !uppair(); /* sleaze for NT */ + if (done) + break; /* Stop when uppair is done */ + #ifdef VERBOSE natprintf("[*]--- Attempting to connect with Username: `%s' Password: `%s'\n", username, password); --- nat-1.0.orig/debian/README.debian +++ nat-1.0/debian/README.debian @@ -0,0 +1,17 @@ +nat for DEBIAN +-------------- + +I (Javier) made this package without being aware that Cristoph Lameter +had already done one for previous Debian releases (it was included, +at least, in Debian 2.0 and Debian 2.1). This package is being sent +again into Debian since it's useful as an audit tool. + +Javier Fernandez-Sanguino , Mon, 11 Nov 2002 12:30:13 +0100 + + +The previous README.Debian is replicated here (it's no longer valid): + +This package is up for adoption. If you want to maintain it for the Debian +Project then please write me. + +Christoph Lameter , Mon, 18 Aug 1997 19:00:01 -0700 --- nat-1.0.orig/debian/changelog +++ nat-1.0/debian/changelog 
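Review bot: The second `done = !uppair();` on the "sleaze for NT" line overwrites whatever the first call in the `if (!userfd || !passfd)` branch stored in `done`, so a list already reported as exhausted can be marked not-done again if both strings are empty at that point. Guarding it as `if (!done && !*username && !*password) done = !uppair();` lets the added `if (done) break;` see the first result. uppair() and most of the loop body lie outside these two hunks, so confirm there whether it can return non-zero after it has returned 0 once. A one-line comment saying that uppair() returns 0 when no pairs remain would make the negation readable.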
@@ -0,0 +1,87 @@ +nat (1:1.0-6ubuntu1) vivid; urgency=medium + + * util.h: Add a declaration for Get_Hostbyaddr. + * client.c: Include util.h to fix implicit function declaration and pointer + conversion. + + -- Logan Rosen Mon, 23 Feb 2015 17:27:20 +0000 + +nat (1:1.0-6) unstable; urgency=medium + + * include.h: Apply patch provided by Cyril Roelandt to fix + FTBFS (Closes: #681932) + * debian/control: + - Update Maintainer address + - Add Homepage + - Updated Standards-Version, no changes required + - Add ${misc:Depends} in the control file + * debian/copyright: + - Reconvert to UTF-8 + - Updated the FSF address + * debian/compat: Add it to the package + * debian/rules: + - Comment out DH_COMPAT in debian/rules + - Add missing recommended targets in the file + - Do not ignore make clean errors + + -- Javier Fernández-Sanguino Peña Mon, 12 Jan 2015 00:16:23 +0100 + +nat (1:1.0-5) unstable; urgency=low + + * Prevent segmentation faults and sigpipe by handling them with a signal, + this does not fix the core issue though, so it does *not* close #347947, #197898) + * Use -Wall and fix some warnings (many more pending) + * Introduce the -d option in smb-nat and make debugging work ok + + -- Javier Fernandez-Sanguino Pen~a Wed, 25 Jan 2006 09:13:22 +0100 + +nat (1:1.0-4) unstable; urgency=low + + * Applied patch from Andreas Jochens to fix a FTBFS with gcc-3.4 + (Closes: #260670) + + -- Javier Fernandez-Sanguino Pen~a Sun, 13 Feb 2005 12:20:43 +0100 + +nat (1:1.0-3) unstable; urgency=low + + * Applied patch contributed by Jasper van Woudenberg that + should prevent if from segfaulting against w2k targets + (Closes: #171692) + * Fixed lintian warning + + -- Javier Fernandez-Sanguino Pen~a Thu, 3 Apr 2003 23:09:28 +0200 + +nat (1:1.0-2) unstable; urgency=low + + * Fixed description (Closes: #171584) + + -- Javier Fernandez-Sanguino Pen~a Tue, 3 Dec 2002 18:36:30 +0100 + +nat (1:1.0-1) unstable; urgency=low + + * Initial Release (at least I thought it was until I found 
Christoph's + packages) (Closes: #148988) + * Fixed Makefile to use -DNO_ASMSIGNALH in order to compile properly. + * This package was removed for some reason from Debian 2.1 to Debian 2.2 + since I do not see any (legal) reason for it's removal I'm uploading + it again. + * Fixed the version (it's not 10, it's 1.0!), used epochs in new package + just in case. + * Changed the name of program/manpage from 'nat' to 'smb-nat' (less + generic) + + -- Javier Fernandez-Sanguino Pen~a Thu, 30 May 2002 00:03:46 +0200 + +smb-nat (10-2) unstable; urgency=low + + * Renamed to smb-nat from nat + * build for hamm. + + -- Christoph Lameter Mon, 13 Oct 1997 20:02:59 -0700 + +nat (10-1) unstable; urgency=low + + * Initial Release. + + -- Christoph Lameter Mon, 18 Aug 1997 19:00:01 -0700 + --- nat-1.0.orig/debian/compat +++ nat-1.0/debian/compat @@ -0,0 +1 @@ +5 --- nat-1.0.orig/debian/control +++ nat-1.0/debian/control @@ -0,0 +1,19 @@ +Source: nat +Section: admin +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Javier Fernandez-Sanguino Peña +Build-Depends: debhelper (>> 3.0.0) +Standards-Version: 3.9.6 +Homepage: http://www.tux.org/pub/security/secnet/tools/nat10/ + +Package: smb-nat +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Replaces: nat +Conflicts: nat +Provides: nat +Description: Netbios Auditing Tool + This tool can perform various security checks on remote servers running + NetBIOS file sharing services. It is capable of enumerating shares and make + break-in attempts using a (user-provided) list of users and passwords. --- nat-1.0.orig/debian/copyright +++ nat-1.0/debian/copyright 
@@ -0,0 +1,64 @@ +This package was debianized (before seeing that Cristoph had done +it quite a while back) by Javier Fernandez-Sanguino Peña on +Thu, 30 May 2002 00:03:46 +0200. + +This package was debianized by Christoph Lameter clameter@debian.org on +Mon, 18 Aug 1997 19:00:01 -0700. + +It was downloaded from http://www.tux.org/pub/security/secnet/tools/nat10/ +(Note, the old upstream site is no longer available: +ftp.secnet.com:/pub/tools/nat10) + +Upstream Authors: Secure Networks Inc. + + +Copyright (C) Secure Networks Inc., January and February, 1997 +Copyright (C) Andrew Tridgell 1992-1995 + + + +Copyright: + +NetBIOS Security Kit v1.0 + +The intention of this package is to perform various security checks on +remote servers running NetBIOS file sharing services. + +For usage, please see the nat.1 man page or nat.1.txt for the text version. + +In the grand scheme of NetBIOS and Windows NT security, NAT is fairly small. +It is, without question a step in the right direction but it like any other +software, needs further development. In order to continue software like this +to be available for free, it needs to be a community effort. If you are +interested in helping NAT grow, we encourage you to mail us at +nat-dev@secnet.com + +This package is entirely based on code written by Andrew Tridgell and +contains the following license agreement: + +/* + Unix SMB/Netbios implementation. + Version 1.9. + Samba utility functions + Copyright (C) Andrew Tridgell 1992-1995 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. 
+ + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. +*/ + +Debian note: This software is distributed under the GNU General Public License +you can find a copy of this license in your Debian GNU/Linux system +under /usr/share/common-licenses/. + + --- nat-1.0.orig/debian/dirs +++ nat-1.0/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/smb-nat --- nat-1.0.orig/debian/docs +++ nat-1.0/debian/docs @@ -0,0 +1 @@ +README --- nat-1.0.orig/debian/rules +++ nat-1.0/debian/rules 
@@ -0,0 +1,77 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatibility version to use. +#export DH_COMPAT=4 + + + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) + CFLAGS += -g +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + touch configure-stamp + + +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp + +build-stamp: configure-stamp + dh_testdir + $(MAKE) + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + $(MAKE) clean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + install -m 755 nat $(CURDIR)/debian/smb-nat/usr/bin/smb-nat + install -m 644 userlist.txt $(CURDIR)/debian/smb-nat/usr/share/smb-nat + install -m 644 passlist.txt $(CURDIR)/debian/smb-nat/usr/share/smb-nat + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs + dh_installexamples + dh_installmenu + dh_installman debian/smb-nat.1 + dh_installinfo + dh_installchangelogs + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- nat-1.0.orig/debian/smb-nat.1 +++ nat-1.0/debian/smb-nat.1 @@ -0,0 +1,73 @@ +.TH NAT 1 +.SH NAME +smb-nat - NetBIOS Auditing Tool +.SH SYNOPSIS +smb-nat [-d <\fBdebuglevel\fP>] [-o <\fBoutput\fP>] [-u <\fBuserlist\fP>] [-p <\fBpasslist\fP>] \fB
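Review bot: The `CFLAGS += -g` and `INSTALL_PROGRAM += -s` settings at the top of this file have no effect. `build-stamp` runs a bare `$(MAKE)`, the upstream Makefile in this same diff assigns `CFLAGS = $(CFLAGS1) $(CFLAGS2) $(FLAGSM) -ggdb -Wall` unconditionally, and the install lines call `install -m 755` directly instead of `$(INSTALL_PROGRAM)`. As a result neither DEB_BUILD_OPTIONS nor any distribution hardening flags reach the compiler, for a tool that parses replies from remote servers and whose changelog lists unresolved segfaults. One option is to have the Makefile append to an inherited CFLAGS rather than assign it; the exact wiring depends on the part of the Makefile above line 362, which is not shown.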
\fP +.SH DESCRIPTION +.PP +\fBsmb-nat\fP is a tool written to perform various security checks on systems +offering the NetBIOS file sharing service. \fBsmb-nat\fP will attempt to retrieve +all information availible from the remote server, and attempt to access any +services provided by the server. +.SH OPTIONS +.IP \fB-o\fP +Specify the \fBoutput\fP file. All results from the scan will be written to +the specified file, in addition to standard output. +.IP \fB-u\fP +Specify the file to read \fBusernames\fP from. Usernames will be read from +the specified file when attempting to guess the password on the remote server. +Usernames should appear one per line in the specified file. +A sample username file can be found at \fB/usr/share/smb-nat/userlist.txt\fP. +.IP \fB-p\fP +Specify the file to read \fBpasswords\fP from. Passwords will be read from +the specified file when attempting to guess the password on the remote server. +Passwords should appear one per line in the specified file. +A sample password file can be found at \fB/usr/share/smb-nat/passlist.txt\fP. +.IP \fB
\fP +Addresses should be specified in comma deliminated format, with no spaces. +Valid address specifications include: + +hostname - "hostname" is added + +127.0.0.1-127.0.0.3, adds addresses 127.0.0.1 through 127.0.0.3 + +127.0.0.1-3, adds addresses 127.0.0.1 through 127.0.0.3 + +127.0.0.1-3,7,10-20, adds addresses 127.0.0.1 through 127.0.0.3, 127.0.0.7, +127.0.0.10 through 127.0.0.20. + +hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1 through 127.0.0.1 + +All combinations of hostnames and address ranges as specified above are valid. +.PP +If no userlist or password list files are specified on the command line, +a small set of defaults are used. This list includes the following: + + \fBUsernames\fP + + "ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN", "USER", "DEMO", "TEST", "SYSTEM", "OPERATOR", "OPER", "LOCAL" + + \fBPasswords\fP + + "ADMINISTRATOR", "GUEST", "ROOT", "ADMIN", "PASSWORD", "TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES", "DEMO", "TEST", "ACCESS", "USER", "BACKUP", "SYSTEM", "SERVER", "LOCAL" + +The password guessing routines are written in such a way that all passwords are +tried for all usernames. Keep this in mind when using larger lists of passwords +and usernames, as the time required increases exponentially with the size of +these lists. +.SH SUPPORTED PLATFORMS +This version of \fBsmb-nat\fP has been tested against Windows NT 4.0 and various +versions of the Samba server written by Andrew Tridgell. +.PP +This version of \fBsmb-nat\fP has been tested and compiled on the following +operating systems: +\fBSolaris\fP 2.5, +\fBLinux\fP 2.0, +\fBFreeBSD\fP 2.1.5, +\fBOpenBSD\fP 2.0, +\fBBSDI\fP 2.1, +\fBWindows NT\fP 4.0, +\fBWindows 95\fP + +.SH FILES +\fBsmb-nat\fP, \fB/usr/share/smb-nat/userlist.txt\fP, \fB/usr/share/smb-nat/passlist.txt\fP --- nat-1.0.orig/includes.h +++ nat-1.0/includes.h 
@@ -111,6 +111,9 @@ #define NO_NETIFH #endif +#ifdef __GNU__ +#define NO_SYSMOUNTH +#endif #if (defined(SHADOW_PWD)||defined(OSF1_ENH_SEC)||defined(SecureWare)||defined(PWDAUTH)) #define PASSWORD_LENGTH 16 @@ -164,6 +167,8 @@ #endif #ifndef NO_SYSMOUNTH #include +#elif !defined(NO_SYSSTATFSH) +#include #endif #include #ifdef __STDC__ --- nat-1.0.orig/nat.1 +++ nat-1.0/nat.1 @@ -17,10 +17,12 @@ Specify the file to read \fBusernames\fP from. Usernames will be read from the specified file when attempting to guess the password on the remote server. Usernames should appear one per line in the specified file. +A sample username file can be found at \fB/usr/share/nat/userlist.txt\fP. .IP \fB-p\fP Specify the file to read \fBpasswords\fP from. Passwords will be read from the specified file when attempting to guess the password on the remote server. Passwords should appear one per line in the specified file. +A sample password file can be found at \fB/usr/share/nat/passlist.txt\fP. .IP \fB
\fP Addresses should be specified in comma deliminated format, with no spaces. Valid address specifications include: @@ -68,4 +70,4 @@ \fBWindows 95\fP .SH FILES -\fBnat\fP, \fBuserlist.txt\fP, \fBpasslist.txt\fP +\fBnat\fP, \fB/usr/share/nat/userlist.txt\fP, \fB/usr/share/nat/passlist.txt\fP --- nat-1.0.orig/nat.c +++ nat-1.0/nat.c @@ -2,17 +2,18 @@ #include #include #include +#include -#ifdef _WIN32 - #include -#endif +#include #ifdef __STDC__ #include #else #include #endif +#include "sighandler.h" #include "parse_ip.h" +#include "util.h" extern char *optarg; extern int optind; @@ -30,22 +31,25 @@ struct vuln_res *vr_next; }; +int nas_step (unsigned long xip); +char *StrnCpy(char *dest,const char *src,int n); void natprintf(char *format, ...); struct vuln_res *module_16000(); +extern int DEBUGLEVEL; + int main(argc, argv) int argc; char **argv; { struct vuln_res *vr; - u_long ipaddr; int opt; char *progname; struct ipstr *hosts; progname = strdup(argv[0]); - while ((opt = getopt(argc, argv, "o:u:p:")) != -1) + while ((opt = getopt(argc, argv, "d:o:u:p:")) != -1) switch(opt) { case 'o': outputfile = strdup(optarg); break; @@ -53,18 +57,30 @@ break; case 'p': passfile = strdup(optarg); break; + case 'd': DEBUGLEVEL = atoi(strdup(optarg)); + break; default : exit(-1); } + argc -= optind; argv += optind; if (argc < 1) { - fprintf(stderr,"usage: %s [-o filename] [-u userlist] [-p passlist]"\ + fprintf(stderr,"usage: %s [-o filename] [-u userlist] [-p passlist] [-d debuglevel]"\ "
\n", progname); exit(1); } + setup_logging(progname, True); + /* Set up signals */ + set_signal(SIGSEGV, sighandler); + set_signal(SIGTERM, sighandler); + set_signal(SIGINT, sighandler); + set_signal(SIGHUP, SIG_IGN); + set_signal(SIGPIPE, sighandler); /* Network errors are treated by the app */ + + if (userfile) { if ((userfd = fopen(userfile, "r"))) natprintf("[*]--- Reading usernames from %s\n", userfile); @@ -262,7 +278,7 @@ vvr_strings[ptr_vvr] = pp; /* chain off to real result string */ ptr_vvr++; - while (pp = get_vuln (i)) { /* collect the rest of 'em */ + while ((pp = get_vuln (i))) { /* collect the rest of 'em */ vvr_strings[ptr_vvr] = pp; ptr_vvr++; } @@ -304,7 +320,6 @@ #endif va_list ap; static FILE *outfd = NULL; - char *s; #ifdef __STDC__ va_start(ap, format); @@ -328,3 +343,4 @@ vfprintf(outfd, format, ap); return; } + --- nat-1.0.orig/nmb.c +++ nat-1.0/nmb.c @@ -40,7 +40,6 @@ #endif /* SCANNER */ int Debug1(char *, ...); -int Debug1(); int num_good_sends=0; int num_good_receives=0; @@ -790,8 +789,7 @@ */ static void H_interpret_node_status(char *p) { -/* int level = (master||rname)?4:0; */ - int level = 0; /* always print */ + int level = 10; int numnames = CVAL(p,0); DEBUG(level,("received %d names\n",numnames)); --- nat-1.0.orig/parse_ip.h +++ nat-1.0/parse_ip.h @@ -8,3 +8,6 @@ char *name; struct ipstr *next; }; + +struct ipstr *parse_ip(char *input); + --- nat-1.0.orig/patch +++ nat-1.0/patch 
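Review bot: `DEBUGLEVEL = atoi(strdup(optarg));` in the new `case 'd'` leaks the duplicated string and silently turns any non-numeric argument into level 0. Parse the option in place and reject bad input, e.g. `char *end; long lvl = strtol(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || lvl < 0) exit(1);`. The signal setup added further down in the same hunk would benefit from a comment stating that the SIGSEGV handler only changes how the process exits and does not address the underlying faults, as the changelog entry already admits. main() continues outside this hunk.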
@@ -0,0 +1,25 @@
+diff -Naur nat-1.0.orig/client.c nat-1.0/client.c
+--- nat-1.0.orig/client.c 1997-02-17 04:18:04.000000000 +0100
++++ nat-1.0/client.c 2003-02-20 14:24:53.000000000 +0100
+@@ -3613,7 +3613,7 @@
+ username[0] = '\0';
+ while (!done) {
+ if (!userfd || !passfd)
+- uppair();
++ done = !uppair();
+ else {
+ if (fgets(password, sizeof(password), passfd) == NULL) {
+ rewind(passfd);
+@@ -3636,8 +3636,11 @@
+ }
+
+ if ((! *username) && (! *password))
+- uppair(); /* sleaze for NT */
++ done = !uppair(); /* sleaze for NT */
+
++ if (done)
++ break; /* Stop when uppair is done */
++
+ #ifdef VERBOSE
+ natprintf("[*]--- Attempting to connect with Username: `%s' Password: `%s'\n",
+ username, password);
--- nat-1.0.orig/samples/localhost-samba.log
+++ nat-1.0/samples/localhost-samba.log
@@ -0,0 +1,38 @@
+
+[*]--- Checking host: 127.0.0.1
+[*]--- Obtaining list of remote NetBIOS names
+[*]--- Remote systems name tables:
+
+ LINUX
+ LINUX
+ LINUX
+ __MSBROWSE__
+ SAMBA
+ SAMBA
+ SAMBA
+ SAMBA
+
+[*]--- Attempting to connect with name: *
+[*]--- CONNECTED with name: *
+[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
+[*]--- Remote server wants us to encrypt, telling it not to
+[*]--- Attempting to connect with protocol: PC NETWORK PROGRAM 1.0
+[*]--- Attempting to establish session
+
+[*]--- Attempting to access share: \\*\
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\*\ADMIN$
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\*\C$
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\*\D$
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\*\ROOT
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\*\WINNT$
+[*]--- Unable to access
--- nat-1.0.orig/samples/w2000as.log
+++ nat-1.0/samples/w2000as.log
@@ -0,0 +1,51 @@
+
+[*]--- Checking host: 192.168.0.159
+[*]--- Obtaining list of remote NetBIOS names
+[*]--- Remote systems name tables:
+
+ INet~Services
+ IS~W2000AS
+ W2000AS
+ W2000AS
+ WORKGROUP
+ ADMINISTRATOR
+ W2000AS
+ WORKGROUP
+ IWAM_W2000AS
+ WORKGROUP
+ __MSBROWSE__
+
+[*]--- Attempting to connect with name: *
+[*]--- Unable to connect
+
+[*]--- Attempting to connect with name: INet~Services
+[*]--- Unable to connect
+
+[*]--- Attempting to connect with name: IS~W2000AS
+[*]--- Unable to connect
+
+[*]--- Attempting to connect with name: W2000AS
+[*]--- CONNECTED with name: W2000AS
+[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
+[*]--- Server time is Wed Jan 25 17:21:06 2006
+[*]--- Timezone is UTC-0.0
+[*]--- Remote server wants us to encrypt, telling it not to
+[*]--- Attempting to establish session
+
+[*]--- Attempting to access share: \\W2000AS\
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\W2000AS\ADMIN$
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\W2000AS\C$
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\W2000AS\D$
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\W2000AS\ROOT
+[*]--- Unable to access
+
+[*]--- Attempting to access share: \\W2000AS\WINNT$
+[*]--- Unable to access
--- nat-1.0.orig/sighandler.c
+++ nat-1.0/sighandler.c
@@ -0,0 +1,113 @@
+/* Nessus
+ * Copyright (C) 1998 - 2004 Renaud Deraison
+ *
+ * Adapted for the Netbios Auditing Tool by Javier Fernandez-Sanguino
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *
+ * Signals handlers
+ */
+
+#include
+#include
+#include
+
+#include "sighandler.h"
+#ifdef HAVE_SYS_WAIT_H
+#include
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include
+#endif
+
+
+void (*set_signal(int signum, void (*handler)(int)))(int)
+{
+ struct sigaction saNew,saOld;
+
+ /* Init new handler */
+ sigfillset(&saNew.sa_mask);
+ sigdelset(&saNew.sa_mask, SIGALRM); /* make sleep() work */
+
+ saNew.sa_flags = 0;
+# ifdef HAVE_SIGNAL_SA_RESTORER
+ saNew.sa_restorer = 0; /* not avail on Solaris - jordan */
+# endif
+ saNew.sa_handler = handler;
+
+ sigaction(signum, &saNew, &saOld);
+ return saOld.sa_handler;
+}
+
+
+void sighandler(sign)
+ int sign;
+{
+ char * sig = NULL;
+ int murderer = 0;
+
+ switch(sign)
+ {
+ case SIGTERM:
+ sig = "TERM";
+ close_sockets();
+ break;
+ case SIGINT :
+ sig = "INT";
+ close_sockets();
+ break;
+ case SIGPIPE :
+ sig = "PIPE";
+ close_sockets();
+ break;
+ case SIGSEGV :
+#ifdef HAVE__EXIT
+ signal(SIGSEGV, _exit);
+#else
+ signal(SIGSEGV, exit);
+#endif
+ sig = "SEGV";
+ break;
+ default:
+ sig = "unknown signal";
+ }
+ fprintf(stderr, "Received signal %s!\n", sig);
+#ifdef HAVE__EXIT
+ _exit(1);
+#else + exit(1); +#endif + +} + + +void sighand_segv() +{ +#ifdef HAVE__EXIT + signal(SIGSEGV, _exit); +#else + signal(SIGSEGV, exit); +#endif + fprintf(stderr, "Received SIGSEGV!\n"); +#ifdef HAVE__EXIT + _exit(1); +#else + exit(1); +#endif +} + --- nat-1.0.orig/sighandler.h +++ nat-1.0/sighandler.h @@ -0,0 +1,36 @@ +/* Signal handler from Nessus + * Copyright (C) 1998 Renaud Deraison + * + * Adapted to the Netbios Auditing Tool by Javier Fernandez-Sanguino + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _NAT_SIGHAND_H +#define _NAT_SIGHAND_H + +#include + +extern void (*set_signal(int signum, void (*handler)(int)))(int); +extern void sighand_pipe(); +extern void sighand_term(); +extern void sighand_int(); +extern void sighand_kill(); +extern void sighand_segv(); +extern void sighand_io(); +extern void sighandler(int sign); + +#endif + --- nat-1.0.orig/util.c +++ nat-1.0/util.c @@ -78,7 +78,7 @@ /* size of reads during a direct file to file transfer */ int ReadSize = 16*1024; -pstring debugf = "/tmp/log.samba"; +pstring debugf = "smb-nat.log"; int syslog_level; /* the following control case operations - they are put here so the @@ -236,8 +236,8 @@ } va_end(ap); - return(0); #endif /* SCANNER */ + return(0); } /**************************************************************************** 
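Review bot: `sighandler` calls `fprintf(stderr, ...)`, `close_sockets()` and, when HAVE__EXIT is unset, `exit()` from signal context; none of these is guaranteed async-signal-safe, and after a SIGSEGV the stdio state may itself be corrupted, so the handler can deadlock or fault a second time. Restricting it to `signal()`, `write()` and `_exit()` as sketched below avoids that, at the cost of the per-signal name in the message; `_exit()` closes the descriptors, and the unused `murderer` local goes away. `close_sockets()` has no visible declaration in this file or in sighandler.h, so confirm where it is defined before keeping any call to it. In `set_signal` the result of `sigaction()` is ignored and `saOld.sa_handler` is returned uninitialised on failure; `if (sigaction(signum, &saNew, &saOld) < 0) return SIG_ERR;` covers that.

```c
void sighandler(int sign)
{
  static const char msg[] = "Received fatal signal, exiting\n";

  /* Signal context: only async-signal-safe calls (signal, write, _exit). */
  if (sign == SIGSEGV)
    signal(SIGSEGV, SIG_DFL);   /* a second fault gets the default action */
  (void) write(2, msg, sizeof(msg) - 1);
  _exit(1);
}
```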
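Review bot: sighandler.h declares `sighand_pipe`, `sighand_term`, `sighand_int`, `sighand_kill` and `sighand_io`, but sighandler.c in this diff defines only `sighandler` and `sighand_segv`, so any later use of the others links against nothing. Drop the five unused declarations, or define them. The empty-parenthesis form `extern void sighand_segv();` should be `extern void sighand_segv(void);` so that the `-Wall` build added in the Makefile can check calls. The guard name `_NAT_SIGHAND_H` starts with an underscore and an uppercase letter, which is reserved for the implementation; `NAT_SIGHAND_H` is the safe spelling.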
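Review bot: In the util.c @@ -78 hunk, `pstring debugf = "smb-nat.log";` replaces the fixed `/tmp/log.samba` name with a path relative to the current directory, which can still be a shared, world-writable one when the tool is started there. The code that opens `debugf` is outside this hunk; if it is a plain `fopen()` for append, a link planted under that name would be followed with the privileges of whoever runs the audit. Check that the open refuses symlinks or creates the file exclusively, and add a comment on the variable such as `/* relative to the working directory; see the open in the logging code */`.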
@@ -510,13 +510,14 @@ ****************************************************************************/ BOOL is_a_socket(int fd) { - int v,l; + int v; + socklen_t l; l = sizeof(int); #ifdef _WIN32 /* evil, but it works */ return(0); #else - return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0); + return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (void *)&v, &l) == 0); #endif } @@ -2094,8 +2095,13 @@ { int ret; struct sockaddr sock; - int socklen; + socklen_t socklen; + /* Just in case */ + if (fd <= 0) { + DEBUG(2,("no valid file descriptor to read the socket\n")); + return(0); + } socklen = sizeof(sock); bzero((char *)&sock,socklen); bzero((char *)&lastip,sizeof(lastip)); @@ -2178,6 +2184,10 @@ struct timeval timeout, tval1, tval2, tvaldiff; /* just checking .... */ + if (fd <= 0) { + DEBUG(2,("no valid file descriptor to read the socket\n")); + return(0); + } if (maxcnt <= 0) return(0); if(time_out == -2) @@ -2373,6 +2383,11 @@ { int total=0; int ret; + /* Just in case */ + if (fd <= 0) { + DEBUG(2,("no valid file descriptor to write_data\n")); + return(0); + } while (total < N) { @@ -2675,6 +2690,18 @@ int ret,nwritten=0; len = smb_len(buffer) + 4; + /* Just in case */ + if (fd <= 0) { + DEBUG(2,("no valid file descriptor to send_smb\n")); + return False; + } + /* Is this socket alive? */ + if ( send_keepalive(fd) < 0 ) { + DEBUG(2,("session is no longer available\n")); + /* Restore the session? */ + return False; + } + while (nwritten < len) { ret = write_socket(fd,buffer+nwritten,len - nwritten); --- nat-1.0.orig/util.h +++ nat-1.0/util.h 
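Review bot: The guard `if (fd <= 0)` added in the @@ -2094 hunk rejects descriptor 0, which is a legal descriptor value, and it reports the problem by returning 0, which a caller cannot tell apart from "no data read". If 0 is used elsewhere in this program as a "not connected" sentinel, replace the `/* Just in case */` comment with one that says so; otherwise use `if (fd < 0)` and return the function's existing error value. The same check is repeated in the @@ -2178, @@ -2373 and @@ -2675 hunks, where a 0 return from the write helper likewise reads as "nothing written" rather than as an error. All four enclosing functions start outside their hunks, so the right error value has to be checked against their callers.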
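Review bot: In the @@ -2675 hunk, `if ( send_keepalive(fd) < 0 )` detects a dead session only if send_keepalive() returns a negative value on failure; its definition is outside the hunk, and if it returns a BOOL like the other helpers in this file the test is never true and should read `if (!send_keepalive(fd))`. The call also puts an extra keepalive packet on the wire before every SMB request, which doubles the writes per request and changes the traffic the audited server sees, while a failing `write_socket()` in the loop just below would already surface a dead socket. The `/* Restore the session? */` comment should become a concrete TODO or be removed.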
@@ -0,0 +1,43 @@
+/*
+ * This file has been modified from the original Samba package
+ * by Secure Networks Inc., January and February, 1997. This package and
+ * all code which it is based on falls under the GNU Public License
+ * agreement.
+ */
+
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1995
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _NAT_UTIL_H
+#define _NAT_UTIL_H
+
+typedef int BOOL;
+#define False (0)
+#define True (1)
+
+void setup_logging(char *pname, BOOL interactive);
+#ifdef __STDC__
+int Debug1(char *format_str, ...);
+#endif
+
+char * Get_Hostbyaddr (struct in_addr ip);
+
+#endif
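Review bot: util.h is not self-contained: `char * Get_Hostbyaddr (struct in_addr ip);` uses `struct in_addr` without including the header that defines it, so the prototype is only correct when the including file has already pulled in the socket headers. client.c includes includes.h first, but nat.c's include list is only partly visible in this diff; adding `#include <netinet/in.h>` at the top of the header removes the ordering dependency. `typedef int BOOL` and the `True`/`False` macros presumably duplicate definitions in the existing Samba headers, so wrap them in `#ifndef True` or include the header that owns them. The guard `_NAT_UTIL_H` uses a reserved identifier; `NAT_UTIL_H` is the safe spelling.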