1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
NAT(1) NAT(1)
N�NA�AM�ME�E
nat - NetBIOS Auditing Tool
S�SY�YN�NO�OP�PS�SI�IS�S
nat [-o <o�ou�ut�tp�pu�ut�t>] [-u <u�us�se�er�rl�li�is�st�t>] [-p <p�pa�as�ss�sl�li�is�st�t>]
<�<a�ad�dd�dr�re�es�ss�s>�>
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
n�na�at�t is a tool written to perform various security checks
on systems offering the NetBIOS file sharing service. n�na�at�t
will attempt to retrieve all information availible from
the remote server, and attempt to access any services pro-
vided by the server.
O�OP�PT�TI�IO�ON�NS�S
-�-o�o Specify the o�ou�ut�tp�pu�ut�t file. All results from the scan
will be written to the specified file, in addition
to standard output.
-�-u�u Specify the file to read u�us�se�er�rn�na�am�me�es�s from. Usernames
will be read from the specified file when attempt-
ing to guess the password on the remote server.
Usernames should appear one per line in the speci-
fied file.
-�-p�p Specify the file to read p�pa�as�ss�sw�wo�or�rd�ds�s from. Passwords
will be read from the specified file when attempt-
ing to guess the password on the remote server.
Passwords should appear one per line in the speci-
fied file.
<�<a�ad�dd�dr�re�es�ss�s>�>
Addresses should be specified in comma deliminated
format, with no spaces. Valid address specifica-
tions include:
hostname - "hostname" is added
127.0.0.1-127.0.0.3, adds addresses 127.0.0.1
through 127.0.0.3
127.0.0.1-3, adds addresses 127.0.0.1 through
127.0.0.3
127.0.0.1-3,7,10-20, adds addresses 127.0.0.1
through 127.0.0.3, 127.0.0.7, 127.0.0.10 through
127.0.0.20.
hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1
through 127.0.0.1
All combinations of hostnames and address ranges as
specified above are valid.
1
NAT(1) NAT(1)
If no userlist or password list files are specified on the
command line, a small set of defaults are used. This list
includes the following:
U�Us�se�er�rn�na�am�me�es�s
"ADMINISTRATOR", "GUEST", "BACKUP", "ROOT", "ADMIN",
"USER", "DEMO", "TEST", "SYSTEM", "OPERATOR", "OPER",
"LOCAL"
P�Pa�as�ss�sw�wo�or�rd�ds�s
"ADMINISTRATOR", "GUEST", "ROOT", "ADMIN", "PASSWORD",
"TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES",
"DEMO", "TEST", "ACCESS", "USER", "BACKUP", "SYSTEM",
"SERVER", "LOCAL"
The password guessing routines are written in such a way
that all passwords are tried for all usernames. Keep this
in mind when using larger lists of passwords and user-
names, as the time required increases exponentially with
the size of these lists.
S�SU�UP�PP�PO�OR�RT�TE�ED�D P�PL�LA�AT�TF�FO�OR�RM�MS�S
This version of n�na�at�t has been tested against Windows NT 4.0
and various versions of the Samba server written by Andrew
Tridgell.
This version of n�na�at�t has been tested and compiled on the
following operating systems: S�So�ol�la�ar�ri�is�s 2.5, L�Li�in�nu�ux�x 2.0,
F�Fr�re�ee�eB�BS�SD�D 2.1.5, O�Op�pe�en�nB�BS�SD�D 2.0, B�BS�SD�DI�I 2.1, W�Wi�in�nd�do�ow�ws�s N�NT�T 4.0, W�Wi�in�n-�-
d�do�ow�ws�s 9�95�5
F�FI�IL�LE�ES�S
n�na�at�t, u�us�se�er�rl�li�is�st�t.�.t�tx�xt�t, p�pa�as�ss�sl�li�is�st�t.�.t�tx�xt�t
2
|
