NetBIOS based hacking by Bob

View Poll Results: Which MMORPG will take over the future?

1. You may not vote on this poll
  • Darkfall

    0 0%
  • Age of Conan

    1 100.00%
  • Planeshift - Still in Alpha/Beta

    0 0%
  • Warhammer Online

    0 0%
  • StarTrek Online

    0 0%
  • Renaissance

    0 0%
  • Lord of the Rings Online

    0 0%
  • Other

    0 0%
Results 1 to 7 of 7

Thread: NetBIOS based hacking by Bob

  1. #1
    Junior Member
    Join Date
    Sep 2005

    Cool NetBIOS based hacking by Bob

    [NetBIOS based hacking by Bob]
    Hacking Shared Resources - The Windows Loophole

    Dear reader's I have written this tutorial keeping in mind that you might ,after reding posses basic knowledge of how hackers use NetBIOS as a tool for hacking. Using NetBIOS for hacking is the probably the easiest way to hack remotely any pc connected to the internet ,that has enabled File and printer sharing over its LAN.
    What is NetBIOS ?

    NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources.

    In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependancies.PC's on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods.NetBIOS is supported on Ethernet, TokenRing, and IBM PC Networks.Printers and folders also are shared using NetBIOS in a network.

    For a quick look at a servers registered NetBIOS names and services, issue the following NBTSTAT command:

    Run this command at (MS DOS) prompt:
    nbtstat -A [ipaddress]
    ex:nbtstat -A

    The Problem :

    1) NetBIOS (Microsoft Networking) over TCP/IP can present a serious security risk.Unlike the Internet, any computer on a NetBIOS network can gather name, address and resource information and distribute such info to others. Because of this, simple peer-to-peer networking is very easy to implement between any two NetBIOS-equipped machines.Windows resources can be readily shared with other machines across the Internet.

    2) Managing Shared Resources{The Windows Loophole }-- This means that when a home user sets up his own LAN using Microsoft's simple, handy, built-in networking, and if that user turns on file sharing, his shared resources immediately become available over the existing dial-up or other link to the Internet.

    In most cases, users are warned by Windows and can avoid trouble. Shared resources are also easily protected with passwords. But on a tiny home network or in a small business, passwords may often be omitted on the assumption all users are trusted, and in some cases, the user may be unaware of the risk.

    The warning reads: File and printer sharing is running on the TCP/IP connection you
    will use to access the Internet. Other users on the Internet
    might be able to access your files.

    Would you like Windows to disable file and printer sharing on the
    TCP/IP connection to the Internet?
    A similar warning was implemented for NT. In more recent NT versions (4.x), it is now virtually impossible to set up open file shares, and it cannot be done by accident.

    3) When a printer is shared on a Win9x machine, Windows creates a hidden system share called PRINTER$ which grants no-password-required read-only access to the WINDOWS\SYSTEM folder and all its subfolders.I know of no way to prevent Windows from creating this hidden share when a printer is shared, and I know no way to password-protect its access. Also unfortunately, as far as I know printer sharing in particular cannot be turned off on a per-device basis; it can only be disabled globally. If your Win9x system is on a LAN and you share a printer, and if you also share resources on the public Net, this hidden share will be accessible on the Internet link by default.While access to this share is read-only and therefore an intruder can't engage in any direct mischief; a great deal can often be determined about a system and/or its users by reading the information in this folder.

    (Using WINDOWS 9X Machine)


    You can manually interact with the NetBIOS with the help of NBTSTAT command. To use this command click on the start button then select RUN... and type "command" without quotes to launch MS-DOS Command Prompt. Alternatively you may click on Start Button then go to Programs and then select Command Prompt. Once you are in Command Prompt you can exit by typing command EXIT . To launch Command Prompt in full screen mode press ALT+ENTER key combination .To get back to the original window again press ALT+ENTER key combination. If you have launched the command prompt you will get


    If you do not get windows displayed after c:\ don't worry just keep going , all required commands will work fine.

    Now lets play with the NBTSTAT command.

    If you want to get more help from MS-DOS about this command type NBTSTAT/? on the prompt i.e.


    If you want to get the NetBIOS information of your computer type the following command

    c:\windows>nbtstat -a

    This command will list the NetBIOS information. A typical example

    NetBIOS Remote Machine Name Table

    Name Number Type Usage


    workgroup 00 G Domain Name

    my_computer 03 U Messenger Service

    myusername 03 U Messenger Service

    MAC Address = 00-02-44-14-23-E6

    Please note that we have used our ip address to be . This ip address is called as "Loop Back" ip address because this ip address always refers to the computer you are using.

    This example is self explanatory . We need not go in details. We need to know about the Name and Number. The Name displays the Name of the NetBIOS and there is a corresponding hexagonal number . You may see some additional names in your case.

    If you want to get the NetBIOS names of a remote computer, the command is

    c:\windows>nbtstat -a ipaddress

    Example - To get the NetBIOS names of a computer having ip address, we shall use the command

    NOTE- may be a active ip address of someone's computer. I am using it only as an example. Please don't hack this computer.

    c:\windows>nbtstat -a



    All you need is a Windows based operating system like Windows 98 and Me (but I prefer Windows NT, 2000, XP) and an internet connection.



    We can launch two types of attack on the remote computer having NetBIOS.

    1. Reading/Writing to a remote computer system

    2. Denial of Service


    Searching for a victim

    You may manually search for the victims by first using the nbtstat -a ipaddress and then net view \\ipaddress . If at first you don't succeed step to next ip address until you find a suitable ip address. You may also use a port scanner .A port scanner is simply a software that can search for any block of ip address say to for one or more ports. "R3x" is a port scanner that gives NetBIOS names of the remote computer.


    Lets Hack -Part 1 Remotely reading/writing to a victim's computer

    Believe it or not but NetBIOS is the easiest method to break into somebody's computer. However there is a condition that must be satisfied before you can hack. The condition is that the victim must have enabled File And Printer Sharing on his computer. If the victim has enabled it , the nbtstat command will display one more NetBIOS name. Now lets us take a example. Suppose you know a ip address that has enabled File And Printer Sharing and let suppose the ip address happens to be .

    The command that you will use to view the NetBIOS name is

    c:\windows>nbtstat -a

    Let suppose that the output comes out to be

    NetBIOS Remote Machine Name Table

    Name Type Status
    user <00> UNIQUE Registered
    workgroup <00> GROUP Registered
    user <03> UNIQUE Registered
    user <20> UNIQUE Registered

    MAC Address = 00-02-44-14-23-E6

    The number <20> shows that the victim has enabled the File And Printer Sharing.
    The number <03> shows that the victim has enabled Messenger Service
    The number <00> shows that the victim has enabled Workstation Service


    NOTE - If you do not get this number there are two possibilities

    1. You do not get the number <20> . This shows that the victim has not enabled the File And Printer Sharing .

    2. You get "Host Not found" . This shows that the port 139 is closed or the ip address doesn't exists.


    If the number <20> is enabled our next step would be to view the drive or folders the victim is sharing.

    We will use command

    c:\windows>net view \\

    Let suppose we get the following output

    Shared resources at \\

    Share name Type Used as Comment

    CDISK Disk

    The command completed successfully.

    "DISK" shows that the victim is sharing a Disk named as CDISK . You may also get some additional information like

    Shared resources at \\


    Share name Type Used as Comment

    HP-6L Print

    "Print " shows that the victim is sharing a printer named as HP-6L

    If we are able to share the victims hard disks or folders or printers we will be able to read write to the folders or hard disks or we may also be able to print anything on a remote printer ! Now let us share the victims computer's hard disk or printer.

    Till now we know that there is a computer whose ip address happens to be and on that computer File and printer sharing is enabled and the victim's hard disk 's name is CDISK.

    Now we will connect our computer to that hard disk . After we have connected successfully a drive will be created on our computer and on double clicking on it we will be able to view the contents of the drive. If we have connected our newly formed drive to the victim's share name CDISK it means that we our drive will have the same contents as that of the CDISK .

    Lets do it.

    We will use the NET command to do our work .

    Let suppose we want to make a drive k: on our computer and connect it to victim's share we will issue the command

    c:\windows>net use k: \\\CDISK

    You may replace k letter by any other letter.

    If the command is successful we will get the confirmation - The command was completed successfullly

    The command was completed successfully

    Now just double click on the My Computer icon on your desktop and you will be a happy hacker!

    We have just crested a new drive k: . Just open windows Explorer and you will find that you are able to access the remote computer's hard disk. Enjoy your first hack!



    Cracking Share passwords

    Sometimes when we use "net use k: \\ipaddress\sharename" we are asked for a password. There is a password cracker "PQWAK" . All you have to enter ip address and the share name and it will decrypt the password within seconds. Please note that this can crack only the passwords is the remote operating system is running on -

    Windows 95

    Windows 98

    Windows Me



    Using IPC$ to hack Windows NT,2000,XP

    Now you must be thinking of something that can crack share passwords on NT based operating systems like Windows NT and Windows 2000.

    IPC$ is there to help us. It is not at all a password cracker . It is simply a string that tells the remote operating system to give guest access that is give access without asking for password.

    We hackers use IPC$ in this way

    c:\windows>net use k: \\\ipc$ "" /user:""

    You may replace k letter by any other letter. If you replace it by "b" (type without quotes) a new drive will be created by a drive letter b.

    Please note that you won't be able to get access to victim's shared drives but you you can gather valuable information like names of all the usernames, users that have never logged, and other such information. One such tool that uses the ipc$ method is "Internet Periscope". Another tool is "enum" - its my favorite toot however it is run on command promt.



    Penetrating in to the victim's computer

    Now that you have access to a remote computer you may be interested in viewing his secret emails, download hismp3 songs , and more...

    But if you think like a hard core hacker you would like to play some dirty tricks like you may wish to install a key logger or install a back door entry Trojan like netbus and backorifice or delete or copy some files. All these tasks involves writing to victim's hard disk . For this you need to have write access permission.
    Share on Google+

  2. #2
    Join Date
    Aug 2005


    I bet this Tutorial will soon be hidden...

    Share on Google+

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Good tut! I dont mean to undermind your work but, crapy topic. I've read probibly about a million of these. I could write a batch file to do the 'rooting' right here off the top of my head. Theres millions of simple 'rootkits' out there for netbios. I dont even think this is really hacking. Just my $0.02. Again, not to be a *****
    meh. -ech0.
    Share on Google+

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    why does that appear several times in this post, yet there are no "contents" listed?

    Share on Google+

  5. #5
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    why does that appear several times in this post, yet there are no "contents" listed?
    Because a lot of it seems to have been pasted from NETBIOS BASED HACKING TUTORIAL BY GAURAV KUMAR ?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
    Share on Google+

  6. #6
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Button Moon
    LOL, that would explain the goto contents!

    Atleast edit a tutorial if your going to cut and paste it!
    Drugs have taught an entire generation of kids the metric system.

    Share on Google+

  7. #7
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Originally posted here by nihil

    why does that appear several times in this post, yet there are no "contents" listed?

    Straightforward, a blindly copy/pasted material ..... he did not bother editing {excluding the Auother name} .... IKnowNot's link answers this question ....

    I wounder if he will ever write a tutorial?.... I wounder how he could copy/paste it in a new thread? Too lazy bob ............
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts