Hi @all,

I wonder why nobody seems to test the following nice, alternative and very powerful tool, which is called LanGuard (http://www.gfisoftware.com/languard/lanscan.htm). I prefer LANguard Network Scanner v2.0 - BETA! (ftp://ftp.languard.com/lannetscan2.exe)

Feature List:

<snip>
- Scans large networks by sending UDP query status to every IP.
- Lists NETBIOS name table for each responding computer.
- Provides NETBIOS hostname, currently logged username & MAC address.
- OS detection using SMB queries (Windows 9x/NT/2k/Unix).
- Enumerates all shares on the remote computer (including printers, administrative shares C$, D$, ADMIN$).
- Identifies crackable passwords (share level security) on Windows 9x.
- Tests password strength on Windows 9x/NT/2k systems using a dictionary of commonly used passwords.
- Identifies well known services (such as www/ftp/telnet/smtp...).
- Provides list of shares, users (detailed info), services, sessions, remote TOD (time of day) from remote computer (NT/2k).
- Gets registry information.
- Port scanning (including banner grabbing, i.e., application name).
- SNMP device detection, SNMP Walk for inspecting network devices like routers, network printers...
- Support for sending spoofed messages (social engineering).
- DNS lookup (www.somehost.com -> xxx.xxx.xxx.xxx); resolve hostnames (reverse DNS).
- Traceroute support for network mapping.
- Reports are output in HTML.
- LANguard Network Scanner runs on Windows systems (Windows 9x/Me/NT/2k) but Windows NT/Windows 2000 is recommended.
<snip>

Best Regards,
Dipl.-Inform. Pierre Kroma
Security Consultant
========================================================
System Security Schreiber (SySS)
Friedrich-Dannenmann-Straße 2
72070 Tübingen
Germany
Voice: ++49 7071-407856-014
Fax: ++49 7071-407856-019
Mobil: ++49 172-7121572
mailto: Kromaat_private
http://www.syss.de

-----Original Message-----
From: Tom Fischer [mailto:rustomfiat_private-stuttgart.de] On Behalf Of Tom Fischer
Sent: Thursday, 1
November 2001 01:42
To: Ian Lyte
Cc: pen-testat_private
Subject: Re: Using Null Session information from NAT.EXE

Hi,

On Wed, Oct 31, 2001 at 10:07:10AM +0000, Ian Lyte wrote:
> [...]
> The big question is, for me anyway, since NAT.EXE has successfully found the
> Admin password it is obviously managing to connect to the other box somehow
> and get authenticated. How is it that NAT can and I can't? Is this due to
> NAT using its own modified SMBCLIENT and if so where can I get a copy of the
> SMBCLIENT only?

What about the different LAN Manager authentication level? Nat.exe uses the cygwin.dll (http://www.cygwin.com/) and not Windows' own LAN Manager authentication. So have a look at the authentication level:

Windows NT (Q147706):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMcompatibilityLevel (REG_DWORD)
Level 0 - Send LM response and NTLM response; never use NTLMv2 session
Level 1 - Use NTLMv2 session security if negotiated
Level 2 - Send NTLM authentication only
...
(default 0)

Windows 2000 (see Group Policy: LAN Manager Authentication Level)

Alternatively use a linux box and smbclient ... or cygwin or ...

ciao,
Tom
--
Tom Fischer                      Tom.Fischerat_private-stuttgart.de
RUS-CERT University of Stuttgart  Tel: +49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart http://cert.uni-stuttgart.de/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Nov 03 2001 - 15:47:23 PST
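Added here as a worked example (it is not code from the thread, from GFI, or from NAT.EXE): a PowerShell check of the LAN Manager authentication level Tom points at. It assumes that Windows 2000 and later store the Group Policy setting "LAN Manager Authentication Level" in the same registry value Tom names for NT (HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel), that an absent value behaves as level 0 as the thread says for NT, and that the descriptions of levels 3 to 5, which the thread elides with "...", are those from Microsoft's documentation of the key (levels 3 to 5 need NT 4 SP4 or later). The function and variable names are the example's own.

```powershell
# Added example: read and, optionally, raise LmCompatibilityLevel.
# Assumption: the Group Policy setting "LAN Manager Authentication Level"
# on Windows 2000 and later writes this same value.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'

# Level descriptions; 0-2 as given in the thread, 3-5 from Microsoft's
# documentation of the key (assumed, not from the thread).
$LevelText = @{
    0 = 'Send LM and NTLM responses; never use NTLMv2 session security'
    1 = 'Send LM and NTLM responses; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM and NTLM'
}

function Get-LmCompatibilityLevel {
    # An absent value means level 0 (the NT default described in the thread).
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$ValueName
}

function Set-LmCompatibilityLevel {
    param([Parameter(Mandatory = $true)][int]$Level)
    if ($Level -lt 0 -or $Level -gt 5) { throw "Level must be between 0 and 5" }
    # Requires an elevated (Administrator) shell; a reboot is not needed for
    # new outbound connections, but existing sessions keep their old setting.
    Set-ItemProperty -Path $LsaKey -Name $ValueName -Value $Level -Type DWord
}

function Describe-LmCompatibilityLevel {
    $level = Get-LmCompatibilityLevel
    "{0} = {1}: {2}" -f $ValueName, $level, $LevelText[$level]
    # What this host will put on the wire as an SMB client:
    if ($level -ge 3) {
        'Client sends neither an LM nor an NTLMv1 response; a server that only understands those cannot verify the password.'
    } elseif ($level -ge 2) {
        'Client sends no LM response; a server that only understands the LM response cannot verify the password.'
    } else {
        'Client still sends the LM response, so even a share-level Win9x server can verify it (weakest setting).'
    }
}

Describe-LmCompatibilityLevel
# To compare against NAT.EXE, which does its own LM authentication rather
# than using the Windows setting, temporarily lower the level:
#   Set-LmCompatibilityLevel -Level 0
# and raise it again afterwards (5 is the hardened value):
#   Set-LmCompatibilityLevel -Level 5
```

Reading the value needs no special rights; setting it needs an elevated shell, and on a domain member a Group Policy that defines "LAN Manager Authentication Level" will overwrite a manual change at the next policy refresh. The check explains the symptom in the thread only if the target accepts solely what the tool sends (for example the LM response) and the Windows client is at a level where it no longer sends that response; the thread itself only raises the level difference as the thing to look at.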