Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: NetBIOS explained

  1. #1

    NetBIOS explained

    A VERY SIMPLE TUT ON BIOS HACKING

    Bios hacking is one of the simplest methods of hacking. It allows you to connect to a remote computer which has 'file and print sharing' on.

    1. To check if a certain computer has file and print sharing on then goto DOS and type in "nbtstat -a ipaddress" (without the
    ") if you get a something like Host Not found then the Ip does not have file and print sharing on but if you get something like:

    NetBIOS Remote Machine Name Table

    Name Type Status
    -------------------------------------------------------------
    host <20> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    sys <03> UNIQUE Registered

    Then this Ip has file and print sharing on. MUHAHA. Now all you is find what is the name of a host which has a code of 20 (you know the <20> in the second coloumn) the name in this case is 'host'
    Now you go and open any text editor, eg: Notepad and then click on File>Open and open a file called Lmhosts which is located in C:\Windows. remember Lmhosts does not have an extention so make sure you have File of Types to All Files (*.*). Once you have opened the document go to the end of it and type in the name of the host (in this case its host) and then press tab and type in the Ip address of the host. So Lmhosts (no extension should look like something like this:

    ----------------------------------------------------

    host 210.231.01.23

    ----------------------------------------------------
    Now save the file and exit. Click on Start and then Find, then click on Computer. Type in the Ip address in the search field and hit enter. You should get a result with the host as the name. double click on it and you are now moving around the victims directory as if it was your own.

    Windows does not have enough free memory to run this program.

    I will never intentionally abuse this board. However, when adding AntiPoints please be a man/woman and leave your name so we can discuss why you did so. I shall also leave my name on all points i send. Thankyou.

  2. #2
    koo . this i did not know.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    185
    At last, something useful. Thanks for that terrific netbios post.

    A great reminder to check and see if you have any shares on your drives. IPC$ , C$, and Admin$ are often enabled by default which would be more than enough security stupidness to allow someone to do this to the machine.

    Those running Windows 2000, consider filtering/blocking traffic inbound and outbound on ports 139 and 445.
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Why did you name your post Netbios Explained? You didn't explain it...

    Maybe you're the one that should take a closer look at www.hackers.com 's Neophyte section, especially that txt-file by The Mentor

  5. #5

    netBIOS and netSTAT

    that didn't really explane netBIOS hacking. i've got an IP with open shares... drive C:\ and printer is open. but i've found that "netBIOS explaned" tutorial damn near useless... any who, i was wondering what netSTAT is used for. i know all the commands -a -e -n -r bla bla bla, but what are they used for? i know what they do but i get confused easily. :P
    latr,
    Remote_Access_

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    412
    A simple tut on bios hacking? When abbreviating words you should be careful that the abbreviation doesn't mean something else - the acronymn "bios" actually stands for basic input/output system.
    Another thing - this is *not* any form of hacking, mapping windows shares is about the lamest thing you can do, you're simply taking advantage of peoples niavity and microsofts bad programing. Certainly people should be made aware of this glaring hole in thier system, but explaining to people how to take advantage of this is ridiculous. A more apt title for this post would be "how to be a loser script kiddie"
    One final thing - your explanation of this diabolical, there's no need to mess about with lmhosts to map shares - you obviously don't know what you're talking about.

  7. #7
    Member
    Join Date
    Oct 2001
    Posts
    88
    I am not sure if UberC0der was being serious or sarcastic, but I agree that something like this is a good reminder to check and re-check that netbios is not leaking stuff out to the network/internet that you don't want people to know.

    As for the tut, a better title may have been `NetBIOS exploit for the lazy and hopeless'.

  8. #8
    Junior Member
    Join Date
    Nov 2001
    Posts
    3
    Well, this being my first post on your forum, I found this topic of intrest because on this subject I can atleast provide some accurate info. Be forwarned, I am prone to long explanations at time, this could be one

    I agree that this thread is somewhat misleading, Badassatchu, I'm sure is refering to the transport protocol 'NetBIOS' used by windows for lan type functionality (networking) between a small number of computers where some amount of inner-system trust could be assumed. What needs to be understood is that this protocal was not intended for global networking (internet) where inner-system trust shouldn't be assumed, unless you like being a victim.

    This transport protocal (NetBIOS) that windows put into their OS's was designed by IBM, sorry Petemcevoy...you can't blame MS for everything, many many years before the internet was even around as we know it today and it's inherent security weakness became very exploitable on the global web to those savy people with to much curiosity or bad intentions. This weakness lies in the Microsoft network services, ie. 'client for Microsoft networks, file and printering sharing for Microsoft networks, and Microsoft family logon' and of these, the file and print sharing service is the most exploitable and most dangerous security risk to your personel computer. Why you ask, simply put, this particular service makes your computer exposed to the global web and not limitied to just a lan (loacal area network) envoronment which means your lan just got a whole lot bigger. This is a bad thing because that 'file and print sharing' service likes to do just that, share...sharing your files and info to the whole web world just as it was intended to do, but in a lan setting. This weakness allows others, with the know how, to access your computer and in a sense, take it over if they choose to. If your not sure, that's a bad thing, very bad. Sidenote, these sevices have nothing to do with the internet and your web browsing, email, newsgroups will all work just fine, isn't that nice of them to tell you that....

    What can you do, you might ask as the unknowing, naive person to protect yourself from bad people on the web? Well, let me first make this discalimer, the info that follows is for those who are not or have no need for a lan connection, for the rest of you, chat with your IT guru, who has nothing to do anyways. Understand that this is not a complete security remedy, but only a small slice that will close one of the biggest dam hack exploits in your windows running computer. It deals with network bindings and how you can configure your pc to close that dreaded port 139 that likes to share so much with the web.

    To the deed, and I will assume somewhat that you can get around in your computer ok:

    For Win 95/98

    Step 1, go to start/setting/control panel/network(open it).
    Step 2, delete all network services except 'microsoft family logon' Don't touch 'tcp/ip, dial-up adapter, or netBEUI' in the main window of the netwrok panel. If you don't have 'netBEUI' then you need to add it.
    Step 3, click dial up adapter/properties/bindings tab and make sure that both 'tcp/ip and netBEUI' are checked.
    Step 4, click the tcp/ip/properties/ click ok on warning and select the bindings tab, unckeck all windows network services.
    Step5, click netBEUI/properties and check the microsoft family logon network service.
    Step 6, hit ok at the bottom on the network panel and resart your computer.

    You have now closed that nasty port139 and made the sharing aspect of your computer's personality a thing of the past. Hope that helps some of you out there in web world, if your still confused, you can email me, but be nice.

    In closing, I have no objections to someone sharing a 'tut' as you guys put it, but I also feel that a counter is needed to help those, not in the know, to combat your 'tut'. Afterall, this is the 'Anti Online' website, isn't it.

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    412
    sorry Petemcevoy...you can't blame MS for everything.
    Looking back at my post, i don't see where i "blame MS for everything" - could you show me?
    ****ing mick.

  10. #10
    Junior Member
    Join Date
    Nov 2001
    Posts
    3

    Post To thin skinned, Petemcevoy.

    Hey, I just read up on the antipoint system for these forums, be careful.

    As to your witty response, if you look carefully at your post, in the sentence that contains the comment about Microsoft's 'bad programming' it could be viewed that you think they created that transfer protocol (NetBIOS). As to the word 'everything' bad choice on my part, sub the word 'this' for it and that will narrow it for you.

    As to your profanity, well...that just goes to character, and yours at that moment was lacking. Maybe you need a few Guinness's in you to loosen you up and put a smile on your face...huh!
    With Guinness in hand, I fear nothing... except and empty glass

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •