BSD DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement


FreeBSD Basics

Browsing through the Ports Collection

01/24/2002

If you're a regular reader of this series, you already know that I'm a big fan of the FreeBSD ports collection. It never ceases to amaze me how over 6000 applications are a mere "make install" away. In today's article, I'll share some of the ports I've discovered in the last six months.

As a reminder, if you'd like to try building any of these ports yourself, make sure you have a /usr/ports directory on your FreeBSD system. If you don't, go to www.freebsd.org/ports and click on the link that says "Download a gzip'd tar file of all ports." After your download, become the superuser and untar the file like so:

su
Password:
mv ports.tar.gz /usr
cd /usr
tar xzvf ports.tar.gz

This process will create the ports directory and all of its subdirectories for you. To actually build a port, cd into its directory as the superuser, and type make install clean while you are connected to the Internet. Once you're finished, leave the superuser account to try out your new application. If you are using the C shell, you may have to type rehash so the newly-installed application will be in your path.

Whenever I have a bit of spare time to build some ports, I always seem to end up in the /usr/ports/net directory first. I have a small LAN at home running various operating systems, and I am always looking for new things to try with my computers. I also like to practice hardening each operating system to make them more secure, so the description of nat caught my eye:

"SMB/CIFS server and file share auditing tool used to gather information and identify misconfigurations in security critical environments."

If you decide to build this port, remember that you NEVER try to audit a computer that is not yours unless you have the explicit, written permission of the owner of that computer.

Since I had recently installed an MS operating system on my LAN, I was curious to see what information it would give before I started applying the required patches to the operating system. So after building the nat port, I became a regular user and ran it like this, where 10.0.0.2 is the IP address of that MS computer on my LAN:

cd /usr/local/share/nat
nat -u userlist.txt -p passlist.txt 10.0.0.2

[*] NAT - NetBIOS Auditing Tool v2.0
    Copyright 1996, 1997, 1998, Secure Networks Inc.
[*] Host 10.0.0.2 (unknown) checked on Sat Jan 19 10:28:31 2002
[*] Trying to connect with '*SMBSERVER'
[*] Connected with NetBIOS name *SMBSERVER
[*] Dialect selected: NT LM 0.12
[*] Server has share level security enabled
[*] Server supports password encryption
[*] Remote server's workgroup: WORKGROUP
[*] Logging in as '' with password ''
[*] Able to login as user '' with password ''
[*] Server Operating System: Windows 5.0
[*] Lan Manager Software   : Windows 2000 LAN Manager
[*] Machine has a browse list
  NOVATECH
      - NetBIOS OS Version 5.0
      - Master browser
      - System is Windows NT
[*] Unable to list shares as '' user
[*] Guessing passwords
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMINISTRATOR'
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMIN'
[*] Trying to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] Trying to login as user 'ADMINISTRATOR' with password 'LOGON'
[*] Guessed: ADMINISTRATOR Password: PASSWORD
[*] Logging in as 'ADMINISTRATOR' with password 'PASSWORD'
[*] Able to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] Workstation information
  Computer Name  : NOVATECH
  User Name      :
  Work Group     : WORKGROUP
  Version        : 5.0
  Logon Domain   :
  Other Domains  :
[*] Able to list shares as 'ADMINISTRATOR' user
  C$            DISK       Default share
  ADMIN$        DISK       Remote Admin
  IPC$          IPC        Remote IPC
[*] Verbose share information for C$
  Share Name   : C$
  Comment      : Default share
  Permissions  : 0
  Max Uses     : 65535
  Current Uses : 0
  Shared Path  : C:\
[*] WARNING: Able to connect to \\*SMBSERVER\C$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\C$
[*] Verbose share information for ADMIN$
  Share Name   : ADMIN$
  Comment      : Remote Admin
  Permissions  : 0
  Max Uses     : 65535
  Current Uses : 0
  Shared Path  : C:\WINNT
[*] WARNING: Able to connect to \\*SMBSERVER\ADMIN$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\ADMIN$
[*] Verbose share information for IPC$
  Share Name   : IPC$
  Comment      : Remote IPC
  Permissions  : 0
  Max Uses     : 65535
  Current Uses : 1
  Shared Path  :
[*] WARNING: Able to connect to \\*SMBSERVER\IPC$ as 'ADMINISTRATOR' user
[*] Trying to get user information for *SMBSERVER
[*] Trying to get user information for NOVATECH$
[*] Trying to get user information for ADMINISTRATOR
[*] User Information for ADMINISTRATOR
  User          : Administrator
  Comment       : Built-in account for administering the computer/domain
  Comment       :
  Full Name     :
  Privilege     : 2 - User has ADMINISTRATOR privilege
  Auth Flags    : 0
  Password Age  : 4 minutes
  Home Directory:
  Parameters    :
  Last Logon    : Sat Jan 19 05:20:27 2002
  Last Logoff   : Never
  Bad Logons    : 0
  Total Logons  : 4
  Logon Server  : \\*
  Country code  : 0
  Workstations  :
  Max storage   : Unlimited
  Code page     : 0
[*] Trying to get user information for GUEST
[*] User Information for GUEST
  User          : Guest
  Comment       : Built-in account for guest access to the computer/domain
  Comment       :
  Full Name     :
  Privilege     : 0 - User has GUEST privilege
  Auth Flags    : 0
  Password Age  : 0 minutes
  Home Directory:
  Parameters    :
  Last Logon    : Never
  Last Logoff   : Never
  Bad Logons    : 54
  Total Logons  : 0
  Logon Server  : \\*
  Country code  : 0
  Workstations  :
  Max storage   : Unlimited
  Code page     : 0
[*] Trying to get user information for IUSR_*SMBSERVER
[*] Trying to get user information for *SMBSERVER$

Whoa. All of this information was garnered in about a second. And I remind myself why you never connect any operating system to the Internet until it is properly hardened, and better yet, is behind a properly-configured firewall.

Related Reading

Learning the Unix Operating System, 5th EditionLearning the Unix Operating System, 5th Edition
By Jerry Peek, Grace Todino & John Strang
Table of Contents
Index
Sample Chapter
Full Description

You'll note that I referred to the built-in password and user lists when I ran the nat utility. And that I was also negligent in choosing the obvious password of "password," even though I was just playing around with an install on my home LAN.

This utility could prove useful in checking the security of computers under your control. Simply add the usernames you've created in your network to the userlist.txt file and add obvious passwords that you hope your users aren't using to the passlist.txt file. Then run the utility against the IPs running in your own network, and redirect the output to a file for analysis. I certainly plan on rerunning this utility once I've hardened that NT computer to check how successful my hardening efforts were.

Pages: 1, 2

Next Pagearrow





Sponsored by: