NetBIOS
Intended use: LAN comms - sharing printers, files, RPC calls, messaging, etc.
Hacking: Info collecting - users, computers, shares, docs, printers, domains
Ports: 137, 138, 139
NetBIOS naming scheme to tag what type of resource the computer is:
#nbtstat -n //the service this calls is WINS. -n is the name flag
List the remote computer's name table from its IP (can also do the reverse with -A)
(windows)#nbtstat -a <target ip> //look for interesting codes like 20 or others above ^.
(linux)#nbtscan -v <target ip or CIDR>
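For reviewing what a host advertises (for example, to confirm whether file sharing is exposed on a machine that should not offer it), the name table can be decoded mechanically. This is an added example, not part of the original notes: the suffix meanings are the well-known Microsoft-documented values, the function names are hypothetical, and the sample output is constructed.

```python
import re

# Well-known NetBIOS name suffixes, keyed by (hex suffix, name type).
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("01", "GROUP"): "Master browser (__MSBROWSE__)",
    ("03", "UNIQUE"): "Messenger service",
    ("1B", "UNIQUE"): "Domain master browser",
    ("1C", "GROUP"): "Domain controllers",
    ("1D", "UNIQUE"): "Master browser",
    ("1E", "GROUP"): "Browser service elections",
    ("20", "UNIQUE"): "File server service",
}

# One table row: name, <suffix>, UNIQUE|GROUP, status.
ROW = re.compile(r"^\s*(.+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")

def parse_name_table(text):
    """Return one dict per name-table row found in nbtstat -a / -n output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column headers, separator, MAC address line
        name, suffix, kind, status = m.groups()
        meaning = SUFFIXES.get((suffix.upper(), kind), "unknown")
        rows.append({"name": name, "suffix": suffix.upper(), "type": kind,
                     "status": status, "meaning": meaning})
    return rows

def shares_files(rows):
    """True if the host registers <20> UNIQUE (file server service running)."""
    return any(r["suffix"] == "20" and r["type"] == "UNIQUE" for r in rows)

# Constructed sample output, not taken from a real host.
SAMPLE = """\
       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    FILESRV01      <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    MAC Address = 00-11-22-33-44-55
"""

if __name__ == "__main__":
    for r in parse_name_table(SAMPLE):
        print(f'{r["name"]:<16} <{r["suffix"]}> {r["type"]:<6} {r["meaning"]}')
```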
List Domains, shares, computers, resources in a network:
(win)#net view <ip>
(lin)#smbclient -L <target ip>
//We can then browse the output of net view (connects to C and mounts it at K:)
(win)#net use K: \\192.168.99.162\C
(lin)#sudo mount.cifs //192.168.99.162/C /media/k_share/ -o user=,pass=
NetBIOS scan
# nbtscan -r 10.11.1.0/24 //gives ip list, netbios name, mac, and users present on the machine
From Windows Attacker, display NetBIOS table:
C>nbtstat -a 10.130.40.70
Linux, Lookup table names:
# nmblookup -A 10.130.40.70
Windows:
C:\>net use \\10.130.40.70\IPC$ "" /u:""
or
#net use \\192.168.99.162\IPC$ "" /user:"" //if this works we can try a Windows automatic null session dump tool
#winfo <target ip> -n
Linux:
# smbclient -L 10.130.40.70
//Linux automatic dumper
#enum4linux <target ip> //a wrapper around rpcclient, net, nmblookup, smbclient