# NetBios

Intended use: LAN coms - sharing printers,files,rpc calls, messaging, etc

Hacking: Info collecting - users, computers, shares, docs, printers, domains

Ports: 137, 138, 139

![](https://3470586442-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Mclm5Q336p2L-VHRAM8%2F-Mcm82PqEJjAuYI87Ey0%2F-McqjM01wKIezQ_Bd5LS%2Fimage.png?alt=media\&token=80aab179-d506-4546-87d8-171dfcfd7c5a)

Netbios naming scheme to tag what type of resource the computer is:

\#nbtstat -n			//the service this calls in WINS. -n name flag

![](https://3470586442-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Mclm5Q336p2L-VHRAM8%2F-Mcm82PqEJjAuYI87Ey0%2F-McqjPIF4htRbuRqJsIz%2Fimage.png?alt=media\&token=7231e2cc-2a16-4430-846d-ad5154a1075b)

List the remote computers name table from IP(can also do reversed -A)

(windows)#nbtstat -a \<target ip>	//look for interesting codes like 20 or others above ^.&#x20;

(linux)#nbtscan -v \<target ip or CIDR>

List Domains, shares, computers, resources in a network:

(win)#net view \<ip>

(lin)#smbclient -L \<target ip>

//We can then browse the output of net view (connects to C and mounts it at K:)

(win)#net use K: \\\192.168.99.162\C

(lin)#sudo mount.cifs //192.168.99.162/C /media/k\_share/ user=,pass=

### Nbtscan

NetBIOS scan

\# nbtscan -r 10.11.1.0/24		//gives ip list, netbios name, mac, and users present on the machine

&#x20;&#x20;

### Get Table

From Windows Attacker, display NetBIOS table:

C>nbtstat -a 10.130.40.70

Linux, Lookup table names:

\# nmblookup -A 10.130.40.70

### Null sessions

**Windows:**\
C:\\>net use \\\10.130.40.70\IPC$ "" /u:""\
or\
\#net use \\\192.168.99.162\IPC$ "" /user:""\
//if this works we can try a windows auto null session dump tool\
\#winfo \<target ip> -n\
\
**Linux:**\
\# smbclient -L 10.130.40.70\
//lin auto dumper\
\#enum4linux \<target ip> //a wrapper around rpclient, net, nmblookup, smbclient\
\
\ <br>