October 4th, 2002, 10:04 PM
Common Network/PC Threat: NetBIOS Hack
Hello and Welcome to my first and probably only (I'm not a good tutorial writer at all, sorry) tutorial here at AntiOnline. This one will be about the Common Attack of NetBIOS and will be directed to mostly newbies. Well, I'm not going to bore you any longer, let's get down to business!
**NetBIOS Attack and History**
NetBIOS, for one, is short for Network Basic Input/Output System and was made and developed by IBM and Sytek as an API (Application Programming Interface) used to access LAN (Local Area Network) resources. In short duke, it is used to access network services. PCs on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. The communication in these environments when two computers share a NetBIOS session is in a format called NCB (Network Control Blocks). The "allowance" so to speak of these blocks of memory is made and depended on by the user program. Now, NetBIOS names are names used to identify resources on a network/PC. Applications use names to start/end NetBIOS sessions. To start or view a server's registered NetBIOS names and services, go to your DOS prompt or go to Start>Run and type cmd. At the prompt, type this:
nbtstat -A [ipaddy]
Now, you will get a table similar to this:
| Name | Number | Type | Usage |
|---|---|---|---|
| <computername> | 00 | U | Workstation Service |
| <computername> | 01 | U | Messenger Service |
| <\\_MSBROWSE_> | 01 | G | Master Browser |
| <computername> | 03 | U | Messenger Service |
| <computername> | 06 | U | RAS Server Service |
| <computername> | 1F | U | NetDDE Service |
| <computername> | 20 | U | File Server Service |
| <computername> | 21 | U | RAS Client Service |
| <computername> | 22 | U | Exchange Interchange |
| <computername> | 23 | U | Exchange Store |
| <computername> | 24 | U | Exchange Directory |
| <computername> | 30 | U | Modem Sharing Server |
Now, generally, when you are being attacked, people will be looking for number 20, which would indicate you have file/print sharing enabled, which in turn can give them access to your files within minutes. To protect from this is simple. Go to start>settings>controlpanel>network, and from there you will see File and Print Sharing. Click that and simply uncheck "I want to give others access to my files" and uncheck "I want to be able to let others print from my printer(s)". Exit that, restart, and now you have File Sharing disabled. It's not that hard, but sometimes OS's have that ticker checked by default. A simple two minutes it takes to protect yourself from this kind of attack.
I hope everyone liked this short (very short) tutorial on the Common Attack of NetBIOS, there will be another tutorial(s?) with similar common attacks. I'll be working on them but with school, work, football, and the weekend plans, it'll be hard. Hoped you enjoyed and learned, Common_Exploit
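As an added example (not part of the original post): a small Python check that reads the name table printed by `nbtstat -A` for one of your own machines and reports whether the `<20>` File Server Service entry is still registered after you turn sharing off. The sample output, host name and MAC address are constructed, and the function names are hypothetical.

```python
import re

# Suffix/type -> service, copied from the table in the post above.
SERVICES = {
    ("00", "U"): "Workstation Service",
    ("01", "G"): "Master Browser",
    ("03", "U"): "Messenger Service",
    ("20", "U"): "File Server Service",
}

# One row of the name table: NAME <suffix> UNIQUE|GROUP status
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

# Constructed sample output (not captured from a real host).
SAMPLE = """\
       NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    DESKTOP-A      <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    DESKTOP-A      <03>  UNIQUE      Registered
    DESKTOP-A      <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

    MAC Address = 00-00-5E-00-53-01
"""

def parse_name_table(text):
    """Return one dict per name-table row; headers and the MAC line are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append({"name": name, "suffix": suffix.upper(),
                         "type": kind[0], "status": status})
    return rows

def file_sharing_names(text):
    """Names that register the unique <20> suffix, i.e. file sharing is on."""
    return [r["name"] for r in parse_name_table(text)
            if (r["suffix"], r["type"], r["status"]) == ("20", "U", "Registered")]

def describe(text):
    """(name, suffix, service) per row; 'unknown' if not in the post's table."""
    return [(r["name"], r["suffix"],
             SERVICES.get((r["suffix"], r["type"]), "unknown"))
            for r in parse_name_table(text)]

if __name__ == "__main__":
    print("File sharing registered by:", file_sharing_names(SAMPLE))
```

An empty list after the restart means the `<20>` entry is gone from the table.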
October 4th, 2002, 10:40 PM
In Windows XP (maybe others too, not sure) to enable or disable sharing you have to right click on the drive that you don't want to be shared and click the sharing tab to disable or enable sharing.
P.S. I'm sure you already knew but oh well.
October 4th, 2002, 10:45 PM
Ohh, good point. Sorry, right now I'm on WinME and I was basing it on what I was doing for my friend a few minutes ago on the WinME machine. You're right though, I'm sorry I forgot to add this.
October 4th, 2002, 10:57 PM
This has been explained many times already and in greater details (on both sides, ie: hacker/defence)...
Search the previous tutorials/archives...
Credit travels up, blame travels down -- The Boss
October 4th, 2002, 10:58 PM
Nice first tut - keep 'em coming!
"I may not agree with what you say, but I will defend to the death your right to say it."
Sir Winston Churchill.
October 4th, 2002, 11:47 PM
NetBIOS (Network Basic Input/Output System), originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources, has become the basis for many other networking applications.
PCs on a NetBIOS LAN communicate either by (1) establishing a session or by using NetBIOS (2) datagram or (3) broadcast methods.
All communication in a NetBIOS environment is presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependent on the user program.
Is it just me or do these quotes resemble the "tut" a bit too much? I found all these here. Why didn't you just name the thread "How to turn off file/print sharing for newbies"? Waste of space!
NetBIOS names are used to identify resources on a network. Applications use these names to start and end sessions.
"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist." -- Dom Helder Camara
October 4th, 2002, 11:58 PM
Hrmm.. Well, this tutorial is mine and I wrote it myself. I don't deal with anything involving stealing others' ideas or anything like that because of the same thing happening to me. As you can see, my tutorial wasn't like those words you wrote, they were much alike because NetBIOS isn't the kind of thing that changes how it works and whatnot.
October 5th, 2002, 12:03 AM
Originally posted here by Common_Exploit
I don't deal with anything involving stealing others' ideas or anything like that because of the same thing happening to me.
You stole my old RedHat signature you lying bastard! How dare you!? Because of your total lack of imagination I had to spend hours thinking of a new one...It's a little hard to be imaginative when my tired old brain is alcohol damaged...
I'm sure everyone remembers my "RedHat- Because re booting is for adding new hardware" signature...
Anyway, I shall not forget.......
October 5th, 2002, 12:05 AM
Lmfao! Hey, C_K, what can I say? I love RedHat. Btw, I have seen 4 people at AO that use the RedHat logo as a sig. Weird comments too. I liked yours, can you please put it back?
October 5th, 2002, 02:16 AM
a quick look through the tutorials index would have seen 2 tuts written on the same subject a lot more in depth by me and sorry but your tut is too close to that link that Mahakaal posted
some links that are interesting for you
from linux took me 10 seconds to find them
my liver is safe