SWB
http://www.securityfriday.com/

What is SWB?

SWB lets you perform the SMB (CIFS) session setup independently of the version and registry settings of your Windows machines.

The SMB session is established in the following steps.
1.TCP Connection
2.NetBIOS Session Request
3.SMB Negotiate Protocol
4.SMB Session Setup
5.SMB Tree Connect

The parameters used in each of these steps are normally determined automatically by the Windows version and registry settings of the client and server machines. With SWB, you can set these parameters freely and try the SMB session setup.

Platforms: Windows 2000, Windows NT4, Windows 98SE and Windows ME.


Usage:

1.TCP Connection
Perform the TCP three-way handshake.

Target IP Address:
Enter the IP address of the target host, for which you want to know the share passwords, in the "Target IP Address:" box.

 Example) 192.168.1.1

Port:
The port used to connect to the target machine (139 or 445).
Only Windows 2000 supports port 445.
("Direct Hosting of SMB Over TCP/IP": http://support.microsoft.com/support/kb/articles/q204/2/79.asp)

Connect Button:
Start the three-way handshake.

Disconnect Button:
Close the TCP connection.


2.NetBIOS Session Request
Establish the NetBIOS session.

Calling Name:
Enter the Calling Name (the local machine's NetBIOS name).
The 16th character of the Calling Name, 0x00, is appended automatically.
("NetBIOS Suffixes": http://support.microsoft.com/support/kb/articles/Q163/4/09.asp)

Called Name:
Enter the Called Name (the target machine's NetBIOS name).
The 16th character of the Called Name, 0x20, is appended automatically.
If the target machine runs Windows NT or 2000, the Session Request may succeed with "*SMBSERVER". If the target machine runs Windows 9x or ME, however, you must specify its true NetBIOS name.
If the Session Request fails, you may restart the TCP connection.

Session Request Button:
Send the Session Request packet over NetBT.
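
The Session Request described above, as an added example that is not part of SWB or its source: it builds and decodes the RFC 1002 packet, showing how the Called Name (suffix 0x20) and Calling Name (suffix 0x00) are first-level encoded. The function names and the calling name WORKSTATION1 are assumptions made for illustration.

```python
import struct

SESSION_REQUEST = 0x81  # RFC 1002 session service packet type

def encode_name(name, suffix):
    """First-level encode a NetBIOS name plus its 16th (suffix) byte."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names hold at most 15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    # Every byte becomes two letters: 'A' + high nibble, 'A' + low nibble.
    half = bytes(h for c in raw for h in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + half + b"\x00"  # length 32, encoded name, empty scope

def decode_name(field):
    """Reverse encode_name(); returns (name, suffix)."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("unexpected name field layout")
    body = field[1:33]
    if any(not 0x41 <= b <= 0x50 for b in body):
        raise ValueError("byte outside the 'A'..'P' encoding range")
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def build_session_request(called, calling):
    """Called name gets suffix 0x20, calling name gets suffix 0x00."""
    body = encode_name(called, 0x20) + encode_name(calling, 0x00)
    return struct.pack(">BBH", SESSION_REQUEST, 0, len(body)) + body

def parse_session_request(pkt):
    """Recover both names from a captured Session Request packet."""
    if len(pkt) != 72:
        raise ValueError("expected 4-byte header plus two 34-byte names")
    ptype, flags, length = struct.unpack(">BBH", pkt[:4])
    if ptype != SESSION_REQUEST or length != 68 or flags & 1:
        raise ValueError("not a scope-less Session Request")
    return {"called": decode_name(pkt[4:38]), "calling": decode_name(pkt[38:72])}

if __name__ == "__main__":
    # Constructed sample: WORKSTATION1 is a made-up calling name.
    pkt = build_session_request("*SMBSERVER", "WORKSTATION1")
    print(pkt.hex())
    print(parse_session_request(pkt))
```

Decoding the names in captured port 139 traffic this way shows which clients connect with the generic "*SMBSERVER" called name instead of the server's real NetBIOS name.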


3.SMB Negotiate Protocol
Negotiate the SMB protocol dialect.

Negotiate Button:
Start negotiation.

Detail Button:
You can select a dialect. Push the "Detail" button and select a dialect in the "SMB Protocol Dialect" dialogue box.

You can choose from the dialects listed below.
a) PC NETWORK PROGRAM 1.0 (Core)
b) MICROSOFT NETWORKS 1.03 (Core Plus)
c) LANMAN1.0 (LAN Manager 1.0)
d) LANMAN2.1 (LAN Manager 2.1)
e) NT LM 0.12 (NT LM 0.12)

The following information is displayed when the negotiation succeeds.
a) The most functional dialect the client sent
b) The dialect the server chose
c) Security Mode (User Level or Share Level)
d) Whether Challenge/Response authentication is used
e) Whether Extended Security is supported (if it is, the characters "EXTENDED_SECURITY" are shown in black)
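
How the displayed fields map onto the wire format, as an added example that is not part of SWB or its source: a parser for the 17-word Negotiate response used by the NT LM 0.12 dialect, following the CIFS draft listed in the references. The function names and the sample message are constructed for illustration.

```python
import struct

# The five dialect strings SWB offers, in the order a client would list them.
DIALECTS = ["PC NETWORK PROGRAM 1.0", "MICROSOFT NETWORKS 1.03",
            "LANMAN1.0", "LANMAN2.1", "NT LM 0.12"]
CAP_EXTENDED_SECURITY = 0x80000000  # bit in the Capabilities field

def dialect_bytes(dialects=DIALECTS):
    """Data block of a Negotiate request: 0x02 + name + NUL per dialect."""
    return b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)

def parse_negotiate_response(msg, offered=DIALECTS):
    """Decode the displayed fields from an NT LM 0.12 Negotiate response.

    msg is the SMB message without the 4-byte NetBIOS session header.
    """
    if len(msg) < 33 or msg[:4] != b"\xffSMB" or msg[4] != 0x72:
        raise ValueError("not an SMB Negotiate response")
    if msg[32] != 17 or len(msg) < 33 + 34:
        raise ValueError("not the 17-word NT LM 0.12 response format")
    # Parameter words start at offset 33, right after the WordCount byte.
    index, mode = struct.unpack_from("<HB", msg, 33)
    (caps,) = struct.unpack_from("<I", msg, 52)
    if index >= len(offered):
        raise ValueError("server accepted none of the offered dialects")
    return {
        "dialect": offered[index],  # index into the client's list
        "security": "user" if mode & 0x01 else "share",
        "challenge_response": bool(mode & 0x02),
        "extended_security": bool(caps & CAP_EXTENDED_SECURITY),
    }

def sample_response(index, mode, caps):
    """Constructed message: zeroed header fields and 17 parameter words."""
    header = b"\xffSMB\x72" + bytes(27)  # 32-byte SMB header
    params = struct.pack("<HBHHIIII", index, mode, 50, 1, 16644, 65536, 0, caps)
    params += bytes(8 + 2 + 1)  # SystemTime, ServerTimeZone, key length
    return header + bytes([17]) + params + struct.pack("<H", 0)

if __name__ == "__main__":
    print(parse_negotiate_response(sample_response(4, 0x03, 0x8000E3FD)))
    print(parse_negotiate_response(sample_response(4, 0x00, 0x0000E3FD)))
```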


4.SMB Session Setup
Set up the SMB session.

User:
Enter the logon username.

Password:
Enter the logon password.

Domain:
Enter the server's domain/computer name.
Leaving the domain name empty does not affect the result of Session Setup, except when the password encryption is NTLMv2.

Session Setup Button:
Try to log on using the username and password (and domain).

Logoff User Button:
Try to log off.

Detail Button:
You can choose the password type. Push the "Detail" button and choose a password type in the "Password Encrypt" dialogue box.

You can choose from the password types listed below.
a) Null
b) Cleartext
c) LM and NTLM
d) Only NTLM
e) Only NTLMv2


5.SMB Tree Connect
Connect to a shared resource.

Share Name:
Enter a share name, for instance C$, D$, or Share.

Service:
Select the service type.
You can choose from the types listed below. You will usually choose "?????" or "A:".
a) A: disk share
b) LPT1: printer
c) IPC named pipe
d) COMM communications device
e) ????? any type of device

Password:
Enter the share password.
You should enter the password only for Share level security mode.
Of course, you need not enter a password when you want to send a null password.

Tree Connect Button:
Try to connect to the shared resource using the password.

Tree Disconnect Button:
Try to disconnect.


References:
a) NetBIOS on a TCP/UDP transport
a-1) Karl Auerbach, "Protocol Standard For A Netbios Service On A Tcp/Udp
    Transport: Concepts And Methods", RFC 1001, March 1987
a-2) Karl Auerbach, "Protocol Standard For A Netbios Service On A Tcp/Udp
    Transport: Detailed Specifications", RFC 1002, March 1987

b) Common Internet Files System Protocol (CIFS) / Server Message Block protocol (SMB)
P. Leach, D. Naik, "Common Internet Files System Protocol (CIFS/1.0)", Internet-Draft, <draft-leach-cifs-v1-spec-02.txt>, December 19, 1997.

c) samba
http://www.samba.org/


Acknowledgement:
The source code of samba contributed to the development of this tool. I quoted samba source code, especially the parts for the construction and analysis of SMB packets and for password encryption. I would like to thank the samba team for their great work.

"SWB" is freeware. I cannot accept responsibility for any damage that may be caused to your system by using it.

temeran (temeran@securityfriday.com)
