Samba: Lion King or Software Suite?

by VmasterX

This article on Samba is meant to teach the everyday hacker more about the SMB protocol and how it relates to the Samba utility suite.  (No, it's not just a dance!)  I also hope that this article educates you about the basic elements of the Samba suite.

What is Samba?

Samba is a suite of programs designed to allow clients to access file and printer sharing via the Server Message Block (SMB) protocol.

SMB, like almost all protocols, is based on the client/server model.  Originally designed to run on the standard UNIX platform, Samba is now compatible with NetWare, OS/2, and even VMS (does anyone still really use VMS?).  As you can see, this allows Windows and UNIX integration at the file level, which is a constant topic among many system administrators.  This means that the Samba suite is capable of redirecting disks, printers, and directories to UNIX disks, printers, and directories and vice versa.

SMB can be run with many other protocols including TCP/IP, NetBIOS, and IPX/SPX.  Even Samba's LAN manager is a good fix for a LAN running multiple OSes, such as Linux, UNIX, OS/2, Windows for Workgroups, Windows 95, Windows NT, etc.  All in all, Samba has been a blessing for many sysadmins.

Key Components of the Samba Suite

  • smbd:  The SMB server.  (This needs no more explanation.)
  • nmbd:  Name server for NetBIOS.
  • smbclient:  UNIX-hosted client program.
  • smbrun:  The program that enables the server to run external programs.
  • testparm:  Tests the server's config file.
  • testprns:  Tests access to a shared printer on the network.
  • smb.conf:  The config file for Samba.
  • smbprint:  A script that enables a UNIX host to print to an SMB server.

Holes in the SMB Protocol

The most commonly and easily exploited hole in the SMB protocol is yet another Denial-of-Service (DoS) attack.  Any hacker using Samba can simply send the message DIR..\ to an SMB server on an NT 3.5 or 3.51 machine and it will simply crash.  (Obviously a gaping hole that didn't win any new Microsoft fans.)  Microsoft has since issued a patch for this problem.

The second hole is much less likely to be cracked by your everyday hacker, as it requires knowledge of advanced spoofing methods that are not widely available to many of us.  An article entitled "Common Internet File System Protocol (CIFS/1.0)," written by I. Heizer, P. Leach, and D. Perry explains:

"Any attacker that can inject packets into the network that appear to the server to be coming from a particular client can hijack that client's connection.  Once a connection is set up and the client has authenticated, subsequent packets are not authenticated, so the attacker can inject requests to read, write, or delete files to which the client has access."

As you can see, such an attack is rarely seen but can prove a significant challenge to anyone willing to try.  The fact is: The Internet is full of little holes and glitches just waiting to be exposed.  That's what we as hackers do.
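
The weakness quoted above, as an added example (not from the original article or the CIFS draft): a toy Python model, not the SMB wire format, of a server that authenticates a connection once versus one that also requires a keyed MAC and sequence number on every request.  The class and function names, the credential, and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def sign(key, seq, request):
    """MAC over sequence number + request (HMAC-SHA256 is an assumption here)."""
    return hmac.new(key, seq.to_bytes(8, "big") + request.encode(), hashlib.sha256).digest()

class ToyServer:
    """Authenticates a client once, then serves requests on that connection."""
    def __init__(self, require_signing):
        self.require_signing = require_signing
        self.key = None
        self.next_seq = 0

    def authenticate(self, password):
        # Constructed credential; the returned key models a per-session secret
        # that only the real client and the server know.
        if password != "constructed-password":
            return None
        self.key = os.urandom(32)
        return self.key

    def handle(self, seq, request, mac=None):
        if self.key is None:
            return "REJECT unauthenticated"
        if self.require_signing:
            expected = sign(self.key, seq, request)
            if seq != self.next_seq or mac is None or not hmac.compare_digest(mac, expected):
                return "REJECT bad signature"
        self.next_seq += 1
        return "OK " + request

def run_session(require_signing):
    server = ToyServer(require_signing)
    key = server.authenticate("constructed-password")
    read = "READ report.txt"
    return [
        server.handle(0, read, sign(key, 0, read)),      # genuine client request
        server.handle(1, "DELETE report.txt"),           # injected: sender lacks the key
        server.handle(0, read, sign(key, 0, read)),      # captured request replayed
    ]

if __name__ == "__main__":
    for mode in (False, True):
        print("signing required:", mode, run_session(mode))
```

Without per-request signing all three requests are served; with it, only the genuine one is.  This is the kind of check that SMB message signing later added to the protocol.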

Conclusion

All in all, I hope this article explains a few things to you and I hope you may have learned something from it.  I know that many hackers out there are fairly uneducated in proper use of the SMB protocol, and some don't even know what it does.  This article was written in order to inform the many uneducated hackers about a protocol that can be extremely useful to the educated hacker.  Have fun, and happy hacking.

Reference on SMB (Samba)

The RFC entitled "Common Internet File System Protocol (CIFS/1.0)" is available in its entirety at: www.thursby.com/cifs/file

Sys Admin Volume 7, Number 9, explains some aspects of SMB that I may not have touched upon, but they are mainly from a security standpoint.  The Samba suite is available at samba.anu.edu.au/samb

As a side note, the suite also includes full source and is a very useful little bundle of software to learn more about the SMB protocol.
