January 30th, 2004, 02:21 PM
using netbios for remote access
i've read a lot about netbios now, but none of the tutorials say if it is possible to use these shares outside of your own workgroup/domain.
i know it's just a command line way of drive mapping, but i'm just curious of how to do this if one isn't in the same network.
January 30th, 2004, 02:32 PM
Im not going to say how you do it exactly, But if you have shares on your network and netbios running. It is possible to connect these shares to your computer remotely, as if it were a local drive.
January 30th, 2004, 02:37 PM
If I had you public IP, a valid Admin user name and password, and the machine had NetBIOS over TCP/IP enabled. I could type:
"net use \\%publicIP%\c$ /user:%adminusername% H:"
"Please enter your password:" %password%
And if entered correctly, I'd get:
The command completed sucessfully.
(C$ on %publicIP) H:\
It works the same as it does on a LAN! It's slow as hell, but it works!
And that's just the simple stuff...let's see...I can enumerate your SAM or LSA, I can modify your registry keys using a null session... In other words:
You need to block TCP/UDP 135-139 and 445 at your firewall or router and turn file shareing off on your internet connection.
January 30th, 2004, 02:44 PM
The answer to your question is easy. It IS posible. The only thing you need is that you have phisical connection to remote computer. Phisical is not right word, but I mean that you have some route to remote computer. NetBIOS doesn't care for workgrups or domains. So if you have shared folders on your computer, beware... someone might just find route to you...
If you need shares, put pwd on them.. make it good one... loooong one...
Make your knowledge your deadliest weapon.
January 30th, 2004, 05:11 PM
To prevent these shares from being created at startup, open RegEdit and edit the following key: HKeyLocal Machine\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Create a DWORD value called AutoShareWks and set the parameter to 0. This will disable all shares C$ D$ E$ ADMIN$ FAX$ Netlogon Print$ etc...and you wont have to worry about it anymore. Hope this helps, ComputerNerd22 Hey 576869746568617 , I tried giving you (+) greenies but I got this message when attempting to do so
Anyways excellent reply.
You must spread your AntiPoints around before giving it to 576869746568617 again.
January 30th, 2004, 05:31 PM
ok thanks, i get the point, but now a new one:
nbtstat -A <public ip>
net view \\<public ip>
hunt <public ip>
doesn't work, why not?