Educate yourself. :)

riff

Jose Jones
NetBIOS Hacking

The information provided here is for educational purposes only; this information will outline exploits in NetBIOS on Windows systems that will hopefully educate people on the vulnerabilities their systems have. The information below is both original and compiled from other sites.

Steps
A. Setting Up Drivers
1. Check if IP or host has NetBIOS enabled
2. Find Computer Method
3. NET View method
4. Net Use method
5. File:// method
6. Protecting Yourself

A. Setting Up Drivers

1. Go to Control Panel\Network
2. Set the primary network login to "microsoft family login"
3. Click on file and printer sharing. Check both boxes and reboot. (this installs drivers that you need)
4. After you reboot, go back and remove the checkmarks so this hack doesn't get used on you. (don't worry, your drivers won't get deleted)
5. Reboot again

1. Check if IP or host has NetBIOS enabled
There are several methods to check if the target computer has NetBIOS enabled. I will explain the simplistic use of the nbtstat program that comes with all Windows releases. Here is a little text dump of the usage of nbtstat.

C:\Windows> nbtstat -A 67.250.137.172

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
PC1 <00> UNIQUE Registered
PC1 <20> UNIQUE Registered
MSHOME <00> GROUP Registered
MSHOME <1E> GROUP Registered

MAC Address = 00-53-45-00-00-00

If you have gotten this table that lists the file shares and you see the '<20>', then they have NetBIOS enabled and you can most likely gain access to their share. The share name is to the left of the '<20>' under the Name column. You'll need it for the next step. If you get the response, 'Host Not Found', then the computer either doesn't have file sharing enabled, the computer won't respond to the command, or a firewall is filtering it.

2. Find Computer Method

This method involves editing the HOSTS file located in \Windows on 9x/ME and \Windows\system32\drivers\etc on 2k/XP. If there isn't one there you can just create one by opening Notepad, saving as 'HOSTS' without the quotes, and save as file type 'All Files(*.*)'. Make sure it is not a .txt file or this won't work. Now that you have the HOSTS file or have located it, open it in Notepad or whichever text editor you prefer and type the IP address of the target computer followed by a space and the share name that had the '<20>' next to it when you ran nbtstat. It should look similar to this:

67.250.137.172 PC1

Now Save, and close.
On Win9X/ME systems go to start > search > find computer. On Win2000 it's the same, but for XP you go to start > search > file or folders, then click the label on the left hand side called "computers or people". Enter the IP of the remote computer and search for it; it should show up on the list and you double click the computer to access its shares.
If it asks for a password then you can grab a program called pqwack to brute force the password. Most of the time you won't encounter this though. Otherwise you'll have access to the file shares on this computer and you can browse and delete or create files or do whatever you want to the shared files. On Win2K, WinXP systems some directories will be off limits, but Win9X/ME usually don't have this problem.

3. NET View method

Now at the command prompt, type net view \\%IPADDRESS%. Here's an example.

C:\Windows>net view \\67.250.137.172
This will give you a list of shared resources and share type on the computer if file sharing is enabled. Here is an example output of the net view command:

C:\Windows> net view \\67.250.137.172

Shared resources at \\67.250.137.172
ComputerNameGoesHere

Share name Type Used as Comment
--------------------------------------------------------------------
CDISK Disk



4. NET Use method

Now we will want to use the Net use method to connect our computer to the HD that is being shared. This is really quite easy to do. Let's suppose we want to create the drive Z: on our computer and connect it to the victim's share; this is how we would do it:

C:\Windows> net use Z: \\67.250.137.172\CDISK

If the command is successful then we will get the confirmation - "The command was completed successfully". We have just created a new drive Z:, now just double click on the My Computer icon on your desktop and you will find that you are able to access the remote computer's hard disk.

5. File:// method

Well, if you've gone through everything above, you might be angry to know that there is sometimes a simpler method. In this method all you have to do is navigate your preferred browser to 'file://%IPADDRESS%/'. An example:

file://67.250.137.172/

6. Protecting Yourself

1. If you don't need file and print sharing then disable it by removing the check marks from "File and Print Sharing" in Control Panel\Network.

2. If you are on a network and have to have File and Print Sharing enabled then I suggest that you get a firewall and filter NetBIOS, allowing only your internal network to connect.

ZoneAlarm is a good free firewall you can get.

3. NOTE: Always use passwords on shared resources.


These are just a few of the methods to exploit NetBIOS on Windows systems from Windows systems; the purpose of this article was to expose the exploit to help people better protect themselves.

.:[END]:.
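One way to verify the advice in step 6 of the post above (filter NetBIOS so that only the internal network can connect), as an added example that is not part of the original post: a Python script that reads constructed firewall log lines and flags NetBIOS/SMB connections (UDP/TCP 137, 138, 139 and 445) that the firewall allowed from addresses outside the internal ranges. The log format and the RFC 1918 internal ranges are assumptions for the example.

```python
import ipaddress

# Ports used by NetBIOS over TCP/IP (137 name, 138 datagram, 139 session)
# and by direct-hosted SMB (445), which exposes the same file shares.
NETBIOS_PORTS = {137, 138, 139, 445}

# Assumption: the internal network is the RFC 1918 private ranges.
INTERNAL_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log in a simple "src_ip dst_ip proto dst_port action"
# form; this is not the format of any real firewall product.
SAMPLE_LOG = """\
192.168.1.20 192.168.1.5 udp 137 allow
203.0.113.9 192.168.1.5 udp 137 allow
198.51.100.44 192.168.1.5 tcp 139 allow
192.168.1.21 192.168.1.5 tcp 445 allow
203.0.113.9 192.168.1.5 tcp 80 allow
198.51.100.44 192.168.1.5 tcp 445 deny
"""


def parse_line(line):
    """Split one constructed log line into a record with typed fields."""
    src, dst, proto, port, action = line.split()
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "port": int(port), "action": action}


def is_internal(addr):
    """True when the address falls inside one of the internal ranges."""
    return any(addr in net for net in INTERNAL_NETWORKS)


def external_netbios_hits(log_text):
    """Return records of NetBIOS/SMB traffic that was allowed from outside
    the internal ranges; each one is a share exposed to the Internet."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if (rec["port"] in NETBIOS_PORTS and rec["action"] == "allow"
                and not is_internal(rec["src"])):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in external_netbios_hits(SAMPLE_LOG):
        print(f"exposed: {rec['src']} -> {rec['dst']} {rec['proto']}/{rec['port']}")
```

Any line the script reports means the firewall rule from step 6 is missing or too broad for that port; a denied external connection (the last sample line) is the expected outcome and is not reported.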