Browsing through the Ports Collection
01/24/2002If you're a regular reader of this series, you already know that I'm a big fan of the FreeBSD ports collection. It never ceases to amaze me how over 6000 applications are a mere "make install" away. In today's article, I'll share some of the ports I've discovered in the last six months.
As a reminder, if you'd like to try building any of these ports yourself,
make sure you have a /usr/ports directory on your FreeBSD system. If you
don't, go to www.freebsd.org/ports and click on the link that says
"Download a gzip'd tar file of all ports." After your download, become the
superuser and untar the file like so:
su
Password:
mv ports.tar.gz /usr
cd /usr
tar xzvf ports.tar.gzThis process will create the ports directory and all of its subdirectories
for you. To actually build a port, cd into its directory as the
superuser, and type make install clean while you are connected to the
Internet. Once you're finished, leave the superuser account to try out your
new application. If you are using the C shell, you may have to type
rehash so the newly-installed application will be in your path.
Whenever I have a bit of spare time to build some ports, I always seem to
end up in the /usr/ports/net directory first. I have a small LAN at home
running various operating systems, and I am always looking for new things to try
with my computers. I also like to practice hardening each operating system
to make them more secure, so the description of nat caught my eye:
If you decide to build this port, remember that you NEVER try to audit a computer that is not yours unless you have the explicit, written permission of the owner of that computer.
Since I had recently installed an MS operating system on my LAN, I was
curious to see what information it would give before I started applying the
required patches to the operating system. So after building the nat port, I
became a regular user and ran it like this, where 10.0.0.2 is the IP address of
that MS computer on my LAN:
cd /usr/local/share/nat
nat -u userlist.txt -p passlist.txt 10.0.0.2[*] NAT - NetBIOS Auditing Tool v2.0
Copyright 1996, 1997, 1998, Secure Networks Inc.
[*] Host 10.0.0.2 (unknown) checked on Sat Jan 19 10:28:31 2002
[*] Trying to connect with '*SMBSERVER'
[*] Connected with NetBIOS name *SMBSERVER
[*] Dialect selected: NT LM 0.12
[*] Server has share level security enabled
[*] Server supports password encryption
[*] Remote server's workgroup: WORKGROUP
[*] Logging in as '' with password ''
[*] Able to login as user '' with password ''
[*] Server Operating System: Windows 5.0
[*] Lan Manager Software : Windows 2000 LAN Manager
[*] Machine has a browse list
NOVATECH
- NetBIOS OS Version 5.0
- Master browser
- System is Windows NT
[*] Unable to list shares as '' user
[*] Guessing passwords
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMINISTRATOR'
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMIN'
[*] Trying to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] Trying to login as user 'ADMINISTRATOR' with password 'LOGON'
[*] Guessed: ADMINISTRATOR Password: PASSWORD
[*] Logging in as 'ADMINISTRATOR' with password 'PASSWORD'
[*] Able to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] Workstation information
Computer Name : NOVATECH
User Name :
Work Group : WORKGROUP
Version : 5.0
Logon Domain :
Other Domains :
[*] Able to list shares as 'ADMINISTRATOR' user
C$ DISK Default share
ADMIN$ DISK Remote Admin
IPC$ IPC Remote IPC
[*] Verbose share information for C$
Share Name : C$
Comment : Default share
Permissions : 0
Max Uses : 65535
Current Uses : 0
Shared Path : C:\
[*] WARNING: Able to connect to \\*SMBSERVER\C$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\C$
[*] Verbose share information for ADMIN$
Share Name : ADMIN$
Comment : Remote Admin
Permissions : 0
Max Uses : 65535
Current Uses : 0
Shared Path : C:\WINNT
[*] WARNING: Able to connect to \\*SMBSERVER\ADMIN$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\ADMIN$
[*] Verbose share information for IPC$
Share Name : IPC$
Comment : Remote IPC
Permissions : 0
Max Uses : 65535
Current Uses : 1
Shared Path :
[*] WARNING: Able to connect to \\*SMBSERVER\IPC$ as 'ADMINISTRATOR' user
[*] Trying to get user information for *SMBSERVER
[*] Trying to get user information for NOVATECH$
[*] Trying to get user information for ADMINISTRATOR
[*] User Information for ADMINISTRATOR
User : Administrator
Comment : Built-in account for administering the computer/domain
Comment :
Full Name :
Privilege : 2 - User has ADMINISTRATOR privilege
Auth Flags : 0
Password Age : 4 minutes
Home Directory:
Parameters :
Last Logon : Sat Jan 19 05:20:27 2002
Last Logoff : Never
Bad Logons : 0
Total Logons : 4
Logon Server : \\*
Country code : 0
Workstations :
Max storage : Unlimited
Code page : 0
[*] Trying to get user information for GUEST
[*] User Information for GUEST
User : Guest
Comment : Built-in account for guest access to the computer/domain
Comment :
Full Name :
Privilege : 0 - User has GUEST privilege
Auth Flags : 0
Password Age : 0 minutes
Home Directory:
Parameters :
Last Logon : Never
Last Logoff : Never
Bad Logons : 54
Total Logons : 0
Logon Server : \\*
Country code : 0
Workstations :
Max storage : Unlimited
Code page : 0
[*] Trying to get user information for IUSR_*SMBSERVER
[*] Trying to get user information for *SMBSERVER$
Whoa. All of this information was garnered in about a second. And I remind myself why you never connect any operating system to the Internet until it is properly hardened, and better yet, is behind a properly-configured firewall.
|
Related Reading
|
You'll note that I referred to the built-in password and user lists when I
ran the nat utility. And that I was also negligent in choosing the
obvious password of "password," even though I was just playing around with
an install on my home LAN.
This utility could prove useful in checking the security of computers under
your control. Simply add the usernames you've created in your network to the
userlist.txt file and add obvious passwords that
you hope your users aren't using to the passlist.txt file. Then run the utility against the IPs running
in your own network, and redirect the output to a file for analysis. I certainly
plan on rerunning this utility once I've hardened that NT computer to check how
successful my hardening efforts were.
Pages: 1, 2 |
