Simple Report About Attacking Windows OSes With NetBIOS:
First we should know what NetBIOS is: it is short for Network Basic Input/Output System.
It is an application programming interface (API) that is used to make network calls to remote systems.
It is a session protocol and is used by other protocols such as TCP/IP.
The Microsoft TCP/IP stack uses an additional subprotocol for its services, NetBIOS over TCP/IP (NetBT). The purpose of NetBIOS over TCP/IP is to allow you to connect to servers and workstations by their NetBIOS name, also known as the computer name; behind the scenes that name is converted to an IP address. Because this is a Microsoft addition to the TCP/IP protocol, Microsoft created the NBTSTAT utility to troubleshoot problems that can arise with NetBIOS over TCP/IP, or NetBIOS name resolution problems.
HOW TO USE NBTSTAT:
If we don’t know the nbtstat commands, we can type just “ nbtstat ” in CMD and it shows the help menu and command list.
Here is the nbtstat command list:
· -a Lists a remote PC’s name table by specifying a remote PC’s name.
· -A Lists a remote PC’s name table by specifying a remote PC’s IP address.
· -c Displays contents of the name cache, giving the IP address of each name.
· -n Displays local names.
· -R Deletes the name cache and reloads entries from the LMHOSTS file that contains the #PRE tag.
· -r Displays name resolution statistics.
· -S Lists client and server sessions, listing the remote computers by IP address.
· -s Displays both client and server sessions, attempting to convert the remote computer IP address to a name using the Hosts file.
· Interval Specifies the interval to pause display.
Simple Attack Methods:
- Null Session:
With this type of attack we can find the user groups of the systems.
First we need to find a target to test this on, so we connect to the modem-router. After that, we open CMD and type “ arp -a ” to get the IP address of the adapter that is connected to the modem (we can use “ ipconfig ” instead of “ arp -a ”). Then we try to find a target by pinging some IPs that are in the same subnet as us, or use “ net view ” to get the names of all computers that are connected to the same modem as us.
After finding the target, type in CMD “ nbtstat -A <target ip> ”; with this command we get the target's MAC address and computer name.
Here is where the NULL SESSION comes in: after getting the target's MAC address and computer name, we type in CMD “ net use \\<target ip>\IPC$ "" /user:"" ”.
(It is known as a NULL SESSION because there is no username to connect with; as we see in the command, there is no username after /user:.)
After getting the success message, we type “ net view \\<target ip> ” to get the resources shared by the target. To access a shared folder we can use “ net use s: \\<target ip>\<shared folder name> ”.
For usernames and passwords we can use NAT (Network Auditing Tool); with that we can use enum to enumerate usernames and passwords.
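To make the reply to “ nbtstat -A <target ip> ” from the steps above easier to read, here is an added example (not part of the original report): a Python parser that pulls the computer name, workgroup and MAC address out of the name table and reports whether the <20> File Server name is registered, which is the entry an administrator auditing their own subnet would look for. The sample output, host names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Common NetBIOS name suffixes (16th byte of the name) and what they advertise.
SUFFIXES = {
    (0x00, "UNIQUE"): "Workstation service (computer name)",
    (0x00, "GROUP"): "Domain or workgroup name",
    (0x03, "UNIQUE"): "Messenger service",
    (0x20, "UNIQUE"): "File Server service (shares reachable)",
}
ROW = re.compile(r"^\s*(\S.{0,14}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)", re.M)
MAC = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

# Constructed sample of `nbtstat -A` output; names and addresses are made up.
SAMPLE = """
Local Area Connection:
Node IpAddress: [192.0.2.10] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    FILESRV01      <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered

    MAC Address = 00-11-22-33-44-55
"""

def first(names, suffix, kind):
    """Name of the first table row with this suffix and type, or None."""
    return next((n["name"] for n in names if n["suffix"] == suffix and n["type"] == kind), None)

def parse_nbtstat(output):
    """Parse `nbtstat -A` text into the name table, MAC address and a share-exposure flag."""
    names = []
    for name, suffix, kind, status in ROW.findall(output):
        code = int(suffix, 16)
        names.append({"name": name.strip(), "suffix": code, "type": kind, "status": status,
                      "meaning": SUFFIXES.get((code, kind), "other")})
    mac = MAC.search(output)
    return {
        "computer_name": first(names, 0x00, "UNIQUE"),
        "workgroup": first(names, 0x00, "GROUP"),
        "mac": mac.group(1) if mac else None,
        # <20> registered means the Server service answers on this host.
        "file_server_exposed": any(n["suffix"] == 0x20 and n["status"] == "Registered" for n in names),
        "names": names,
    }

if __name__ == "__main__":
    print(parse_nbtstat(SAMPLE))
```

A host whose table has no registered <20> entry is not offering shares over NetBIOS, so the later “ net view ” and “ net use ” steps have nothing to list on it.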