Hi @all,
I wonder why nobody seems to test the following nice, alternative and very
powerful tool, which is called LANguard.
(http://www.gfisoftware.com/languard/lanscan.htm)
I prefer LANguard Network Scanner v2.0 - BETA!
(ftp://ftp.languard.com/lannetscan2.exe)
Feature List:
<snip>
Scans large networks by sending UDP query status to every IP.
Lists NETBIOS name table for each responding computer.
Provides NETBIOS hostname, currently logged username & MAC address.
OS detection using SMB queries (Windows 9x/NT/2k/Unix).
Enumerates all shares on the remote computer (including printers, administrative shares C$,D$,ADMIN$).
Identifies crackable passwords (share level security) on Windows 9x.
Tests password strength on Windows 9x/NT/2k systems using a dictionary of commonly used passwords.
Identifies well known services (such as www/ftp/telnet/smtp...).
Provides list of shares, users (detailed info), services, sessions, remote TOD (time of day) from remote computer (NT/2k).
Gets registry information.
Port scanning (including banner grabbing, i.e., application name).
SNMP device detection, SNMP Walk for inspecting network devices like routers, network printers...
Support for sending spoofed messages (social engineering).
DNS lookup (www.somehost.com -> xxx.xxx.xxx.xxx); resolve hostnames (reverse DNS).
Traceroute support for network mapping.
Reports are outputted in HTML.
LANguard Network Scanner runs on Windows systems (Windows 9x/Me/NT/2k) but Windows NT/Windows 2000 is recommended.
<snip>
Best Regards,
Dipl.-Inform. Pierre Kroma
Security Consultant
========================================================
System Security Schreiber (SySS)
Friedrich-Dannenmann-Straße 2
72070 Tübingen
Germany
Voice: ++49 7071-407856-014
Fax: ++49 7071-407856-019
Mobil: ++49 172-7121572
mailto: Kroma_at_syss.de
http://www.syss.de
-----Original Message-----
From: Tom Fischer [mailto:rustomfi_at_helpdesk.rus.uni-stuttgart.de] On Behalf Of Tom Fischer
Sent: Thursday, 1 November 2001 01:42
To: Ian Lyte
Cc: pen-test_at_securityfocus.com
Subject: Re: Using Null Session information from NAT.EXE
Hi,
On Wed, Oct 31, 2001 at 10:07:10AM +0000, Ian Lyte wrote:
> [...]
> The big question is, for me anyway, since NAT.EXE has successfully found the
> Admin password it is obviously managing to connect to the other box somehow
> and get authenticated. How is it that NAT can and I can't? Is this due to
> NAT using its own modified SMBCLIENT and if so where can I get a copy of the
> SMBCLIENT only?
What about the different LAN Manager authentication levels? Nat.exe
uses the cygwin.dll (http://www.cygwin.com/) and not Windows' own LAN
Manager authentication.
So have a look at the authentication level:
Windows NT (Q147706):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMcompatibilityLevel
(REG_DWORD)
Level 0 - Send LM response and NTLM response; never use NTLMv2 session
Level 1 - Use NTLMv2 session security if negotiated
Level 2 - Send NTLM authentication only
... (default 0)
Windows 2000 (see GroupPolicy: LAN Manager Authentication Level)
Alternatively use a Linux box and smbclient ... or cygwin or ...
ciao, Tom
--
Tom Fischer Tom.Fischer_at_rus.uni-stuttgart.de
RUS-CERT University of Stuttgart Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart http://cert.uni-stuttgart.de/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
Received on Nov 03 2001
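
An added example, not part of either post: a defender-side audit that reads saved `reg query` output for the LSA value named in Tom Fischer's reply and flags hosts that still send LM or NTLMv1 responses. Host names and sample output are constructed; levels 3-5 come from Microsoft's documentation of the value, not from the post.

```python
import re

# Meaning of each LmCompatibilityLevel. Levels 0-2 are the ones listed in the
# post; 3-5 are taken from Microsoft's documentation of the same value.
LEVELS = {
    0: "send LM and NTLM responses",
    1: "send LM and NTLM; use NTLMv2 session security if negotiated",
    2: "send NTLM response only",
    3: "send NTLMv2 response only",
    4: "send NTLMv2 response only; DC refuses LM",
    5: "send NTLMv2 response only; DC refuses LM and NTLM",
}

# Value line printed by `reg query <key> /v LmCompatibilityLevel` (name is case-insensitive).
VALUE_RE = re.compile(
    r"^\s*LmCompatibilityLevel\s+REG_DWORD\s+(0x[0-9a-f]+|\d+)\s*$", re.I | re.M)

def parse_level(reg_output):
    """Return the configured level as an int, or None if the value is not set."""
    m = VALUE_RE.search(reg_output)
    if m is None:
        return None
    text = m.group(1).lower()
    return int(text, 16) if text.startswith("0x") else int(text, 10)

def verdict(level):
    if level is None:
        return "unset: OS default applies"
    if level not in LEVELS:
        return "invalid value"
    if level <= 1:
        return "weak: LM response still sent"
    if level == 2:
        return "legacy: NTLMv1 still sent"
    return "ok: NTLMv2 only"

def audit(outputs):  # {host: reg query output} -> sorted (host, level, verdict) rows
    return [(h, parse_level(o), verdict(parse_level(o))) for h, o in sorted(outputs.items())]

# Constructed sample input: host names and outputs are made up for this example.
KEY = "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\n"
SAMPLE = {
    "nt4-file01": KEY + "    LMcompatibilityLevel    REG_DWORD    0x0\n",
    "w2k-dc01": KEY + "    LmCompatibilityLevel    REG_DWORD    0x5\n",
    "w2k-ws07": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    for host, level, text in audit(SAMPLE):
        print(host, level, text, LEVELS.get(level, "-"), sep=" | ")
```
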