Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

NetBIOS Hacking


NetBIOS Hacking

By ghostghost | 8406 Reads |
0     0

NetBIOS Hacking By ZenX

NetBIOS (Network Basic Input/Output System) hacking is extremely easy to do. This article will not describe what NetBIOS is or how it works, but it will describe how to exploit the vulnerability in NetBIOS. This is a old type of hack and most systems are patched, but there are still some systems out there that are vulnerable. Well, let’s get on to it.

NetBIOS use these ports:

UDP ports for network browsing: o Port 137 (NetBIOS name services) o Port 138 (NetBIOS datagram services) TCP ports for Server Message Block (SMB): o Port 139 (NetBIOS session services) o Port 445 (runs SMB over TCP/IP without NetBIOS)

We will concentrate on TCP port 139. So we find ourselves a Port-Scanner, Angry IP Scanner for example. And we scan a range of 200 IP-addresses, or more or less, you decide. We should filter out those IP-addresses that have TCP port 139 open. So when you got some IP-addresses with TCP port 139 open we should move on to the next step.

Start –> Run –> cmd

And we get into command. There we will use this command: nbtstat (NetBIOS over TCP/IP Statistics).

Syntax: nbtstat [IP]

We can use this command to check if a computer system is vulnerable. For example:

nbtstat IP

   Name                  Type                Status

JOHN <00> UNIQUE Registered JOHN <20> UNIQUE Registered MSHOME <00> GROUP Registered MSHOME <1E> GROUP Registered

MAC-address = [MAC-address]

Here we see that the computer of the IP-address has a hostname named JOHN and it is in the workgroup called MSHOME. The <20> after JOHN means that he have activated Printer and File-Sharing, and he is vulnerable. If <03> is after the name it means he have administrative rights.

The next step is to exploit the vulnerability we have just found. There are two ways, the netuse way and the LMHOSTS.SAM way.

Netuse:

First you need to see what JOHN is sharing, and you do that with the net view command.

Syntax: net view [IP]

For example:

Net view IP

Shared resources on IP

Name Type

Cannon PIXMA iP5000 Print Shared documents Disk C Disk Windows Disk

Here we see that this idiot has shared C and his Windows folder! Now we use the net use command.

Syntax: net use [drive]: \IP\Shared resource

For example:

net use k: \IP\Windows

The command is successful

You have just added the Windows folder on JOHN’s computer to your “My Computer” under the k: disk. You can do the same with the printer, so that you can print something on his printer from your computer. Now you can double click on k: disk in your “My Computer” and you get into his Windows folder.

LMHOSTS.SAM:

Another way to exploit this vulnerability is to change the LMHOSTS.SAM file. Follow these steps:

Find your LMHOSTS.SAM file, by searching in your Windows folder. Once you have found it, open it in notepad. Go down to the bottom of the file, and type in this: JOHN [his IP-address]. Go to search and choose computers, search for JOHN. Then you get the result, if JOHN stands there you can dobble-click on it, and you get on his computer and can see his shared files and folders.

Well, you see it is very easy to do.

XITIN or I take no responsibility for what you may do when you have read this article.

By ZenX Member of XITIN

Comments
Sorry but there are no comments to display