


NAT(1)                                                     NAT(1)


NNAAMMEE
       nat - NetBIOS Auditing Tool

SSYYNNOOPPSSIISS
       nat   [-o   <oouuttppuutt>]   [-u  <uusseerrlliisstt>]  [-p  <ppaasssslliisstt>]
       <<aaddddrreessss>>

DDEESSCCRRIIPPTTIIOONN
       nnaatt is a tool written to perform various  security  checks
       on systems offering the NetBIOS file sharing service.  nnaatt
       will attempt to retrieve all  information  availible  from
       the remote server, and attempt to access any services pro-
       vided by the server.

OOPPTTIIOONNSS
       --oo     Specify the oouuttppuutt file.  All results from the scan
              will  be written to the specified file, in addition
              to standard output.

       --uu     Specify the file to read uusseerrnnaammeess from.  Usernames
              will  be read from the specified file when attempt-
              ing to guess the password  on  the  remote  server.
              Usernames  should appear one per line in the speci-
              fied file.

       --pp     Specify the file to read ppaasssswwoorrddss from.  Passwords
              will  be read from the specified file when attempt-
              ing to guess the password  on  the  remote  server.
              Passwords  should appear one per line in the speci-
              fied file.

       <<aaddddrreessss>>
              Addresses should be specified in comma  deliminated
              format,  with  no spaces.  Valid address specifica-
              tions include:

              hostname - "hostname" is added

              127.0.0.1-127.0.0.3,   adds   addresses   127.0.0.1
              through 127.0.0.3

              127.0.0.1-3,   adds   addresses  127.0.0.1  through
              127.0.0.3

              127.0.0.1-3,7,10-20,   adds   addresses   127.0.0.1
              through  127.0.0.3,  127.0.0.7,  127.0.0.10 through
              127.0.0.20.

              hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1
              through 127.0.0.1

              All combinations of hostnames and address ranges as
              specified above are valid.




                                                                1





NAT(1)                                                     NAT(1)


       If no userlist or password list files are specified on the
       command line, a small set of defaults are used.  This list
       includes the following:

         UUsseerrnnaammeess

         "ADMINISTRATOR",  "GUEST",  "BACKUP",  "ROOT",  "ADMIN",
       "USER",  "DEMO",  "TEST",  "SYSTEM",  "OPERATOR",  "OPER",
       "LOCAL"

         PPaasssswwoorrddss

         "ADMINISTRATOR", "GUEST", "ROOT",  "ADMIN",  "PASSWORD",
       "TEMP", "SHARE", "WRITE", "FULL", "BOTH", "READ", "FILES",
       "DEMO",  "TEST",  "ACCESS",  "USER",  "BACKUP",  "SYSTEM",
       "SERVER", "LOCAL"

       The  password  guessing routines are written in such a way
       that all passwords are tried for all usernames.  Keep this
       in  mind  when  using  larger lists of passwords and user-
       names, as the time required increases  exponentially  with
       the size of these lists.

SSUUPPPPOORRTTEEDD PPLLAATTFFOORRMMSS
       This version of nnaatt has been tested against Windows NT 4.0
       and various versions of the Samba server written by Andrew
       Tridgell.

       This  version  of  nnaatt has been tested and compiled on the
       following  operating  systems:  SSoollaarriiss  2.5,  LLiinnuuxx  2.0,
       FFrreeeeBBSSDD 2.1.5, OOppeennBBSSDD 2.0, BBSSDDII 2.1, WWiinnddoowwss NNTT 4.0, WWiinn--
       ddoowwss 9955


FFIILLEESS
       nnaatt, uusseerrlliisstt..ttxxtt, ppaasssslliisstt..ttxxtt





















                                                                2


