::What is NetBIOS?:: NetBIOS (Network Basic Input/Output System) refers to a concept originally conceived by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. NetBIOS has since been adopted as an industry standard and now offers network applications a chance to fill the previous communication gaps by carrying out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network.
::NetBIOS in Windows:: A computer is open to NetBIOS if that computer has port 139 open. This is the single most dangerous port on the Internet. All "File and Printer Sharing" on a Windows machine runs over this port. About 10% of all users on the Internet leave their hard disks exposed on this port. This is the first port hackers want to connect to, and the port that firewalls block. Port 139 is primarily used by the SMB browser service that fills in the information within the "Network Neighbourhood" icon.
::Finding the vulnerable:: For this one needs to scan the network or a range of IPs to see who has port 139 open. For this I recommend you use LAN Scan. Once you have finished scanning a network and have found vulnerable IPs, move to the next step.
::Exploiting the vulnerability:: Start » Run » \\xxx.xxx.xxx.xxx » OK, where xxx.xxx.xxx.xxx is the IP address of the victim. This will open a window showing the contents of the victim's hard disk. You may now view, download, upload and delete files and other documents off the victim's computer.
::Getting past the password box:: If this does not happen and a password box pops up, then you need to download PQwak. It will ask for the IP address and the share name. The share name is the name of the folder which is password protected. Leave the rest to PQwak. (P.S. PQwak will not work for the share name IPC$.)
::Getting around IPC$ share:: This will explain the "uses" of IPC for hackers. Inter-Process Communication is used for data sharing between applications and computers. We will be looking at the Windows NT default IPC$ share, used for communication between computers. This share is what we use to start to gain access to the server. What we will look at before we start is the NET commands for the console in NT. (Note: I was unable to create a null connection using a 95/98 computer; I had to use an NT computer.) The net commands that we will be using are net use and net view. Now get into the console (fake MS-DOS) in Windows. Pick out your target and make sure that it is an NT system with port 139 open. After checking for that, go to the console and type:
Example 1> C:\>NET USE \\TARGET\IPC$ * /USER:
Example 2> C:\>NET USE \\TARGET\IPC$ * /USER:""
Example 3> C:\>NET USE \\TARGET\IPC$ "" /USER:""

Note: For some reason the command varies a little bit from NT to NT.
Note: TARGET is the name or IP of the computer, e.g. \\211.3.4.11\ipc$ * /user:
Note: If it works you'll get > The command completed successfully.
Note: To check the connection, type NET USE \\TARGET\IPC$
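The counterpart to the above, from the side of the machine being scanned: an audit-and-hardening script for a Windows host that closes off the port 139 exposure and the anonymous IPC$ ("null session") logon the tutorial relies on. This is an added example, not part of the original tutorial, written for modern Windows (8 / Server 2012 and later, where the NetSecurity and SmbShare PowerShell modules exist) rather than the NT/9x systems the text describes; it also covers TCP 445, over which later Windows versions carry SMB directly. It assumes an elevated PowerShell session, and the firewall rule name and function names are the author's own choices.

```powershell
# Added example: audit and harden a Windows host against NetBIOS/SMB exposure.
# Run as Administrator. Assumes NetSecurity and SmbShare modules (Win 8+/2012+).

function Test-NetbiosExposure {
    # What is listening on the NetBIOS session port (139) and SMB (445)?
    Write-Host "== Listening sockets on 139/445 =="
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -in 139, 445 } |
        Select-Object LocalAddress, LocalPort, OwningProcess |
        Format-Table -AutoSize

    # Which shares does this host expose? Anything beyond the administrative
    # defaults (ADMIN$, C$, IPC$) should have a documented reason to exist.
    Write-Host "== Shares exported by this host =="
    Get-SmbShare | Select-Object Name, Path, Description | Format-Table -AutoSize

    # Who is connected right now? An empty ClientUserName is the footprint
    # of exactly the kind of anonymous session shown in the NET USE examples.
    Write-Host "== Current SMB sessions =="
    Get-SmbSession | Select-Object ClientComputerName, ClientUserName, NumOpens |
        Format-Table -AutoSize

    # Current anonymous-access policy (1 = restricted, 0 = legacy permissive).
    Write-Host "== Anonymous access policy =="
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' |
        Select-Object RestrictAnonymous, RestrictAnonymousSAM, EveryoneIncludesAnonymous
}

function Set-NetbiosHardening {
    # 1. Block inbound 139/445 on the Public and Private profiles. The Domain
    #    profile is left alone so corporate-LAN file sharing keeps working.
    #    Rule name is this example's own; change it to fit local conventions.
    New-NetFirewallRule -DisplayName 'Block inbound NetBIOS/SMB (139,445)' `
        -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
        -Profile Public, Private -Action Block | Out-Null

    # 2. Refuse anonymous enumeration of shares and accounts, which is what a
    #    NET USE \\TARGET\IPC$ "" /USER:"" connection is trying to obtain.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    Set-ItemProperty -Path $lsa -Name RestrictAnonymous          -Value 1 -Type DWord
    Set-ItemProperty -Path $lsa -Name RestrictAnonymousSAM       -Value 1 -Type DWord
    Set-ItemProperty -Path $lsa -Name EveryoneIncludesAnonymous  -Value 0 -Type DWord

    # 3. Turn off the legacy SMB1 dialect that NetBIOS-era sharing used.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # 4. Disable NetBIOS over TCP/IP on every IP-enabled adapter
    #    (TcpipNetbiosOptions: 0 = via DHCP, 1 = enable, 2 = disable).
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        Invoke-CimMethod -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = 2 } |
        Out-Null
}

# Usage: look first, then harden, then look again to confirm the change.
Test-NetbiosExposure
Set-NetbiosHardening
Test-NetbiosExposure
```

The audit runs before and after the hardening so the change is visible in one session: the share list should shrink to the administrative defaults or whatever is intentionally exported, the Lsa values should read 1/1/0, and any session with an empty ClientUserName that survives is worth investigating rather than ignoring. Some of the settings (the Lsa values and NetBIOS-over-TCP/IP) take full effect only after a reboot.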
::Disclaimer:: This tutorial is for educational purposes only and should not be exploited for personal benefit.