November 23rd, 2001, 10:18 PM
A VERY SIMPLE TUT ON BIOS HACKING
Bios hacking is one of the simplest methods of hacking. It allows you to connect to a remote computer which has 'file and print sharing' on.
1. To check if a certain computer has file and print sharing on then goto DOS and type in "nbtstat -a ipaddress" (without the
") if you get a something like Host Not found then the Ip does not have file and print sharing on but if you get something like:
NetBIOS Remote Machine Name Table
Name Type Status
host <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
sys <03> UNIQUE Registered
Then this Ip has file and print sharing on. MUHAHA. Now all you is find what is the name of a host which has a code of 20 (you know the <20> in the second coloumn) the name in this case is 'host'
Now you go and open any text editor, eg: Notepad and then click on File>Open and open a file called Lmhosts which is located in C:\Windows. remember Lmhosts does not have an extention so make sure you have File of Types to All Files (*.*). Once you have opened the document go to the end of it and type in the name of the host (in this case its host) and then press tab and type in the Ip address of the host. So Lmhosts (no extension should look like something like this:
Now save the file and exit. Click on Start and then Find, then click on Computer. Type in the Ip address in the search field and hit enter. You should get a result with the host as the name. double click on it and you are now moving around the victims directory as if it was your own.
Windows does not have enough free memory to run this program.
I will never intentionally abuse this board. However, when adding AntiPoints please be a man/woman and leave your name so we can discuss why you did so. I shall also leave my name on all points i send. Thankyou.
November 23rd, 2001, 11:14 PM
koo . this i did not know.
November 24th, 2001, 05:26 AM
At last, something useful. Thanks for that terrific netbios post.
A great reminder to check and see if you have any shares on your drives. IPC$ , C$, and Admin$ are often enabled by default which would be more than enough security stupidness to allow someone to do this to the machine.
Those running Windows 2000, consider filtering/blocking traffic inbound and outbound on ports 139 and 445.
Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.
Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.
November 24th, 2001, 06:07 AM
Why did you name your post Netbios Explained? You didn't explain it...
Maybe you're the one that should take a closer look at www.hackers.com 's Neophyte section, especially that txt-file by The Mentor
November 26th, 2001, 08:59 PM
netBIOS and netSTAT
that didn't really explane netBIOS hacking. i've got an IP with open shares... drive C:\ and printer is open. but i've found that "netBIOS explaned" tutorial damn near useless... any who, i was wondering what netSTAT is used for. i know all the commands -a -e -n -r bla bla bla, but what are they used for? i know what they do but i get confused easily. :P
November 26th, 2001, 10:18 PM
A simple tut on bios hacking? When abbreviating words you should be careful that the abbreviation doesn't mean something else - the acronymn "bios" actually stands for basic input/output system.
Another thing - this is *not* any form of hacking, mapping windows shares is about the lamest thing you can do, you're simply taking advantage of peoples niavity and microsofts bad programing. Certainly people should be made aware of this glaring hole in thier system, but explaining to people how to take advantage of this is ridiculous. A more apt title for this post would be "how to be a loser script kiddie"
One final thing - your explanation of this diabolical, there's no need to mess about with lmhosts to map shares - you obviously don't know what you're talking about.
November 26th, 2001, 11:31 PM
I am not sure if UberC0der was being serious or sarcastic, but I agree that something like this is a good reminder to check and re-check that netbios is not leaking stuff out to the network/internet that you don't want people to know.
As for the tut, a better title may have been `NetBIOS exploit for the lazy and hopeless'.
November 28th, 2001, 02:58 AM
Well, this being my first post on your forum, I found this topic of intrest because on this subject I can atleast provide some accurate info. Be forwarned, I am prone to long explanations at time, this could be one
I agree that this thread is somewhat misleading, Badassatchu, I'm sure is refering to the transport protocol 'NetBIOS' used by windows for lan type functionality (networking) between a small number of computers where some amount of inner-system trust could be assumed. What needs to be understood is that this protocal was not intended for global networking (internet) where inner-system trust shouldn't be assumed, unless you like being a victim.
This transport protocal (NetBIOS) that windows put into their OS's was designed by IBM, sorry Petemcevoy...you can't blame MS for everything, many many years before the internet was even around as we know it today and it's inherent security weakness became very exploitable on the global web to those savy people with to much curiosity or bad intentions. This weakness lies in the Microsoft network services, ie. 'client for Microsoft networks, file and printering sharing for Microsoft networks, and Microsoft family logon' and of these, the file and print sharing service is the most exploitable and most dangerous security risk to your personel computer. Why you ask, simply put, this particular service makes your computer exposed to the global web and not limitied to just a lan (loacal area network) envoronment which means your lan just got a whole lot bigger. This is a bad thing because that 'file and print sharing' service likes to do just that, share...sharing your files and info to the whole web world just as it was intended to do, but in a lan setting. This weakness allows others, with the know how, to access your computer and in a sense, take it over if they choose to. If your not sure, that's a bad thing, very bad. Sidenote, these sevices have nothing to do with the internet and your web browsing, email, newsgroups will all work just fine, isn't that nice of them to tell you that....
What can you do, you might ask as the unknowing, naive person to protect yourself from bad people on the web? Well, let me first make this discalimer, the info that follows is for those who are not or have no need for a lan connection, for the rest of you, chat with your IT guru, who has nothing to do anyways. Understand that this is not a complete security remedy, but only a small slice that will close one of the biggest dam hack exploits in your windows running computer. It deals with network bindings and how you can configure your pc to close that dreaded port 139 that likes to share so much with the web.
To the deed, and I will assume somewhat that you can get around in your computer ok:
For Win 95/98
Step 1, go to start/setting/control panel/network(open it).
Step 2, delete all network services except 'microsoft family logon' Don't touch 'tcp/ip, dial-up adapter, or netBEUI' in the main window of the netwrok panel. If you don't have 'netBEUI' then you need to add it.
Step 3, click dial up adapter/properties/bindings tab and make sure that both 'tcp/ip and netBEUI' are checked.
Step 4, click the tcp/ip/properties/ click ok on warning and select the bindings tab, unckeck all windows network services.
Step5, click netBEUI/properties and check the microsoft family logon network service.
Step 6, hit ok at the bottom on the network panel and resart your computer.
You have now closed that nasty port139 and made the sharing aspect of your computer's personality a thing of the past. Hope that helps some of you out there in web world, if your still confused, you can email me, but be nice.
In closing, I have no objections to someone sharing a 'tut' as you guys put it, but I also feel that a counter is needed to help those, not in the know, to combat your 'tut'. Afterall, this is the 'Anti Online' website, isn't it.
November 28th, 2001, 03:59 AM
Looking back at my post, i don't see where i "blame MS for everything" - could you show me?
sorry Petemcevoy...you can't blame MS for everything.
November 28th, 2001, 04:32 AM
To thin skinned, Petemcevoy.
Hey, I just read up on the antipoint system for these forums, be careful.
As to your witty response, if you look carefully at your post, in the sentence that contains the comment about Microsoft's 'bad programming' it could be viewed that you think they created that transfer protocol (NetBIOS). As to the word 'everything' bad choice on my part, sub the word 'this' for it and that will narrow it for you.
As to your profanity, well...that just goes to character, and yours at that moment was lacking. Maybe you need a few Guinness's in you to loosen you up and put a smile on your face...huh!
With Guinness in hand, I fear nothing... except and empty glass