By: C0ldPhaTe
Introduction:
It has been brought to my attention that many people don’t understand the way NetBIOS works. Many
don’t even know where to begin when it comes to hacking NetBIOS. So in this tutorial I’m going to cover
the basics of hacking NetBIOS. I will also remind you that hacking with NetBIOS is about the easiest way to
hack remotely. Although it may be one of the easiest ways to hack remotely, you will find that
hacking with NetBIOS also has a lot of powerful uses.
NBTSTAT -a (adapter status) Lists the remote machine's name table given its name
NBTSTAT -A (Adapter status) Lists the remote machine's name table given its IP address.
NBTSTAT -c (cache) Lists the remote name cache including the IP addresses
NBTSTAT -n (names) Lists local NetBIOS names.
NBTSTAT -r (resolved) Lists names resolved by broadcast and via WINS
NBTSTAT -R (Reload) Purges and reloads the remote cache name table
NBTSTAT -S (Sessions) Lists sessions table with the destination IP addresses
NBTSTAT -s (sessions) Lists sessions table converting destination IP addresses to host names.
RemoteName - Remote host machine name.
IP address - Dotted decimal representation of the IP address.
Interval - Redisplays selected statistics, pausing interval seconds between each display.
The column headings which are generated by using the NBTSTAT command have the following meanings:
C:\WINDOWS>NBTSTAT -A 66.94.35.10
Important Note: If the readout shows an entry with <20>, the target has File and Print Sharing enabled.
You may instead get “Host not found.”, which means either that port 139 is closed or that no host
exists at that IP address.
From the information gathered with the NBTSTAT command you can either continue the hack or use it for
other purposes such as connection hijacking or MAC spoofing. This information is important as you
continue, but before you do anything else you need to understand what you just read, so below I have
broken down the NetBIOS Remote Machine Name Table.
Now that you have seen the complete NetBIOS Remote Machine Name Table, I will tell you how to read the
table and understand exactly what it says. Below you will find a complete listing with definitions for
each entry, so keep this table and listing handy because they will play a big part in your hacker journeys.
NetBIOS Remote Machine Name Table Definitions:
Unique - A unique name may have only one Internet Protocol (IP) address assigned to it.
Group - A normal group name; a single group name may be registered by many IP addresses.
Domain Name – New in Microsoft Windows NT 4.0
Internet Group – A special configuration of the group names.
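To make the name table and the <20> note concrete, here is an added example (mine, not the tutorial author’s) that parses captured `nbtstat -A` output using the Unique/Group definitions above and the well-known Microsoft suffix codes, then summarises what anyone on the network learns from it: whether the File Server Service (<20>) is registered, which names are computer names, which <03> names are logged-on users, and the workgroup or domain. It is the same check a host owner can run against their own machines to see what they leak. The sample table, the host and user names, and the documentation-range MAC address are constructed placeholders.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Well-known meanings of the 16th-byte NetBIOS name suffix, keyed by
# (suffix, type). Only the entries an auditor most often needs are listed.
SUFFIX_MEANING: Dict[Tuple[str, str], str] = {
    ("00", "UNIQUE"): "Workstation Service (computer name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("03", "UNIQUE"): "Messenger Service (computer or logged-on user name)",
    ("20", "UNIQUE"): "File Server Service (file and print sharing enabled)",
    ("1B", "UNIQUE"): "Domain Master Browser",
    ("1C", "GROUP"): "Domain Controllers (Internet Group)",
    ("1D", "UNIQUE"): "Master Browser",
    ("1E", "GROUP"): "Browser Service Elections",
}
BROWSER_SUFFIXES = {"1B", "1C", "1D", "1E"}


class NameEntry(NamedTuple):
    name: str
    suffix: str
    kind: str      # UNIQUE or GROUP
    status: str    # Registered, Conflict, ...
    meaning: str


# One table row looks like:  NAME  <XX>  UNIQUE  Registered
ROW_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def host_not_found(output: str) -> bool:
    """True when nbtstat reported 'Host not found' instead of a table."""
    return "host not found" in output.lower()


def parse_name_table(output: str) -> List[NameEntry]:
    """Turn captured 'nbtstat -A' output into structured entries."""
    entries = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue                      # headers, rules, blank lines, MAC line
        name, suffix, kind, status = m.groups()
        suffix = suffix.upper()
        meaning = SUFFIX_MEANING.get((suffix, kind), "unrecognised suffix")
        entries.append(NameEntry(name, suffix, kind, status, meaning))
    return entries


def parse_mac(output: str) -> Optional[str]:
    """Return the MAC address nbtstat prints under the table, if any."""
    m = MAC_RE.search(output)
    return m.group(1).upper() if m else None


def assess_exposure(entries: List[NameEntry]) -> Dict[str, object]:
    """Summarise what a remote party learns from the table."""
    computer_names = sorted({e.name for e in entries if e.kind == "UNIQUE" and e.suffix == "00"})
    # A <03> UNIQUE name that is not the computer name is a logged-on user.
    user_names = sorted({e.name for e in entries
                         if e.kind == "UNIQUE" and e.suffix == "03" and e.name not in computer_names})
    return {
        "file_sharing": any(e.kind == "UNIQUE" and e.suffix == "20" for e in entries),
        "computer_names": computer_names,
        "user_names": user_names,
        "domain_or_workgroup": sorted({e.name for e in entries if e.kind == "GROUP" and e.suffix == "00"}),
        "browser_roles": sorted({e.meaning for e in entries if e.suffix in BROWSER_SUFFIXES}),
    }


# Constructed sample in the layout nbtstat prints; the names and the
# IANA documentation-range MAC address are placeholders, not real hosts.
SAMPLE_OUTPUT = """\
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WKSTN-EXAMPLE  <00>  UNIQUE      Registered
    EXAMPLE-WG     <00>  GROUP       Registered
    WKSTN-EXAMPLE  <20>  UNIQUE      Registered
    EXAMPLE-WG     <1E>  GROUP       Registered
    WKSTN-EXAMPLE  <03>  UNIQUE      Registered
    JDOE-EXAMPLE   <03>  UNIQUE      Registered

    MAC Address = 00-00-5E-00-53-01
"""

if __name__ == "__main__":
    table = parse_name_table(SAMPLE_OUTPUT)
    for e in table:
        print(f"{e.name:<16} <{e.suffix}> {e.kind:<7} {e.meaning}")
    print(assess_exposure(table), parse_mac(SAMPLE_OUTPUT))
```

Feed it the text captured from `nbtstat -A <ip>` (for example by redirecting the command to a file) instead of `SAMPLE_OUTPUT`; a `Host not found.` reply parses to an empty list, which `host_not_found` distinguishes from a host that simply registers no names.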
What you do with the output is up to you, but most hackers would glean possible usernames from the
remote machine or machines. This leads me on to another thing, known as the NET command.
Note: You will often find that shares like C$, ADMIN$ and IPC$ are hidden and most of the time will not
be shown. Below is a listing of shares you might come across and should be familiar with. Often you will
find that these shares are password protected, so you might have to brute-force the password, or you might
get lucky and find that the password is the default one that shipped with the machine. If you are asking
yourself how to find the default passwords, search the web for “Default NetBIOS passwords” and you should
be rather pleased with the outcome.
I will now connect to the IPC$ share on 66.94.35.10 using a Null Session.
C:\>net use
New connections will be remembered.
I mentioned above how powerful NET.exe actually is; I will now tell you some interesting and very useful
things to know about it while you are hacking into a machine. Understanding these commands and how they
work will make the process of gaining administrative rights a whole lot easier.
NET name - This will show the current name of the computer and who is currently logged in.
NET accounts – Will show the password restricted users.
NET share – Displays all shares on the local machine.
NET user – Will show accounts created on the local machine.
NET group – Can be used to add people to the Administrative group.
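The hidden-share note above and the NET share entry in this list suggest an audit a host owner should run on their own machine. Here is an added example (not from the tutorial) that parses `net share` output, marks the `$`-suffixed hidden shares, separates the shares Windows creates itself (ADMIN$, IPC$, the `<drive>$` shares) from ones somebody added, and reports anything not on an approved list. The sample listing is constructed; the only assumption is the column layout `net share` prints under its “Share name / Resource / Remark” header, which the parser reads from the header itself so that an empty Resource cell (IPC$) is handled.

```python
import re
from typing import Dict, Iterable, List, NamedTuple

# Shares Windows creates on its own: ADMIN$, IPC$, PRINT$, FAX$ and one
# <drive letter>$ per fixed disk. Everything else was created by someone.
BUILTIN_ADMIN_SHARES = {"ADMIN$", "IPC$", "PRINT$", "FAX$"}


class Share(NamedTuple):
    name: str
    resource: str
    remark: str
    hidden: bool    # trailing $ keeps the share out of browse lists
    builtin: bool   # one of the administrative shares Windows creates itself


def is_builtin_admin_share(name: str) -> bool:
    upper = name.upper()
    return upper in BUILTIN_ADMIN_SHARES or re.fullmatch(r"[A-Z]\$", upper) is not None


def parse_net_share(output: str) -> List[Share]:
    """Parse the fixed-width table printed by 'net share' (no arguments)."""
    lines = output.splitlines()
    header_idx = next((i for i, l in enumerate(lines) if l.startswith("Share name")), None)
    if header_idx is None:
        raise ValueError("no 'Share name' header found; is this 'net share' output?")
    header = lines[header_idx]
    res_col = header.index("Resource")   # column positions come from the header,
    rem_col = header.index("Remark")     # so an empty Resource cell (IPC$) is handled
    shares: List[Share] = []
    for line in lines[header_idx + 1:]:
        if not line.strip() or line.startswith("-"):
            continue                      # blank line and the dashed rule
        if line.startswith("The command completed"):
            break
        name = line[:res_col].strip()
        resource = line[res_col:rem_col].strip()
        remark = line[rem_col:].strip()
        shares.append(Share(name, resource, remark, name.endswith("$"), is_builtin_admin_share(name)))
    return shares


def audit_shares(shares: Iterable[Share], approved: Iterable[str]) -> Dict[str, List[str]]:
    """Sort shares into the buckets a host owner wants to review."""
    approved_upper = {a.upper() for a in approved}
    shares = list(shares)
    return {
        "builtin_admin": [s.name for s in shares if s.builtin],
        # Hidden shares that Windows did not create deserve a closer look.
        "hidden_custom": [s.name for s in shares if s.hidden and not s.builtin],
        # Anything not built in and not on the approved list.
        "unexpected": [s.name for s in shares
                       if not s.builtin and s.name.upper() not in approved_upper],
    }


def _row(name: str, resource: str, remark: str) -> str:
    """Lay a row out in the column widths 'net share' uses."""
    return f"{name:<13}{resource:<32}{remark}".rstrip()


# Constructed sample output; share names and paths are placeholders.
SAMPLE_NET_SHARE = "\n".join([
    "",
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("ADMIN$", "C:\\Windows", "Remote Admin"),
    _row("C$", "C:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("Public", "C:\\Users\\Public", ""),
    _row("Payroll", "D:\\Payroll", ""),
    _row("Backup$", "E:\\Backup", ""),
    "The command completed successfully.",
])

if __name__ == "__main__":
    found = parse_net_share(SAMPLE_NET_SHARE)
    print(audit_shares(found, approved={"Public"}))
```

Run it against the saved output of `net share` on a host you administer; a non-empty `hidden_custom` or `unexpected` list is the thing to investigate, since those are shares nobody on the approved list accounted for.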
Conclusion:
Well, I hope you have learned a little bit about hacking with NetBIOS. Although hacking NetBIOS is one of
the easiest ways to hack into a system, it is also a very powerful way to take over a system. I would
also recommend downloading some text files or buying some books on Windows NT, Windows 2000 or
hacking web servers. Remember, it’s always smarter to read information before acting. The more
knowledgeable you are about your target operating system, the less likely you are to make a false move,
which will get your ass caught. I’m not claiming to be “l33t”, as most people would consider themselves.
You will see a lot of people say they are, but you will find very few who really are. Also, don’t be ashamed if
you go into a channel and someone makes fun of you for asking a question. We have all gone through it;
just don’t get discouraged, blow them off and continue to read up on anything you can get your hands
on. If you have any questions you can find me on mIRC or you can contact me through the information
provided below. Also be sure to download my other tutorials.