


NAT(1)                                                     NAT(1)


NAME
       nat - NetBIOS Auditing Tool

SYNOPSIS
       nat   [-o   <output>]   [-u  <userlist>]  [-p  <passlist>] <address>

DESCRIPTION
       nat is a tool written to perform various  security  checks
       on systems offering the NetBIOS file sharing service.  nat
       will attempt to retrieve all  information  availible  from
       the remote server, and attempt to access any services pro-
       vided by the server.

OPTIONS 
       -o     Specify the output file.  All results from the scan
              will  be written to the specified file, in addition
              to standard output.

       -u     Specify the file to read usernames from.  Usernames
              will  be read from the specified file when attempt-
              ing to guess the password  on  the  remote  server.
              Usernames  should appear one per line in the speci-
              fied file.

       -p     Specify the file to read passwords from.  Passwords
              will  be read from the specified file when attempt-
              ing to guess the password  on  the  remote  server.
              Passwords  should appear one per line in the speci-
              fied file.

       <address>
              Addresses should be specified in comma  deliminated
              format,  with  no spaces.  Valid address specifica-
              tions include:

              hostname - "hostname" is added

              127.0.0.1-127.0.0.3,   adds   addresses   127.0.0.1
              through 127.0.0.3

              127.0.0.1-3,   adds   addresses  127.0.0.1  through
              127.0.0.3

              127.0.0.1-3,7,10-20,   adds   addresses   127.0.0.1
              through  127.0.0.3,  127.0.0.7,  127.0.0.10 through
              127.0.0.20.

              hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1
              through 127.0.0.1

              All combinations of hostnames and address ranges as
              specified above are valid.




                                                                1





NAT(1)                                                     NAT(1)


       If no userlist or password list files are specified on the
       command line, a small set of defaults are used.  This list
       includes the following:

         Usernames

         "ADMINISTRATOR",  "GUEST",  "BACKUP",  "ROOT",  "ADMIN",
       "USER",  "DEMO",  "TEST",  "SYSTEM",  "OPERATOR",  "OPER",
       "LOCAL"

         Passwords

         "ADMINISTRATOR", "GUEST", "ROOT",  "ADMIN",  "PASSWORD",
       "TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES",
       "DEMO",  "TEST",  "ACCESS",  "USER",  "BACKUP",  "SYSTEM",
       "SERVER", "LOCAL"

       The  password  guessing routines are written in such a way
       that all passwords are tried for all usernames.  Keep this
       in  mind  when  using  larger lists of passwords and user-
       names, as the time required increases  exponentially  with
       the size of these lists.

SUPPORTED PLATFORMS
       This version of nat has been tested against Windows NT 4.0
       and various versions of the Samba server written by Andrew
       Tridgell.

       This  version  of  nat has been tested and compiled on the
       following  operating  systems:  Solaris  2.5,  Linux  2.0,
       FreeBSD 2.1.5, OpenBSD 2.0, BSDI 2.1, Windows NT 4.0, Win-
       dows 95


FILES
       nat.exe, userlist.txt, passlist.txt





















                                                                2


