Results 1 to 5 of 5

Thread: NetBIOS Question

  1. #1

    NetBIOS Question


    I am doing a test on two servers at work.

    Netbios on the two servers is enabled and accessible to those who enter correct username and password combinations.
    My question is this:
    If someone has access to a computer through Netbios (net use * \\\C$ /U:surreal) can they execute programs that would execute on the server itself and not on the client that issued the command? If so how?

    Thanks for your time.

  2. #2
    Join Date
    Jul 2003


    Yeah...follow this link and your question will be answered.


    Hope this helped a bit!

  3. #3
    Senior Member
    Join Date
    Nov 2001
    no but they can aways use WMI tool like psexec
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Originally posted here by Tedob1
    no but they can aways use WMI tool like psexec
    psexec is definitely a cool tool

    It's part of the pstools package and can be downloaded for free on the SysInternals website.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Yes, as has been mentioned PSEXEC is a favorite but there are many others. If you are using NetBios make sure you have the NullSession disabled or all your work will be for naught. A nice little program like ENUM.EXE can quickly enumerate accounts and TONS of useful info as well as perform a dictionary attack on NetBios shares which can quickly lead to the comprise of an otherwise sturdy seeming network, this also emphasizes the importance of strong passwords. I have been able to comprise many a server through the use of simple tools such as enum and a good wordlist.

    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts