4.2 NetBIOS Enumeration
NetBIOS Enumeration (important)
- A NetBIOS name is a unique 16-character ASCII string used to identify network devices over TCP/IP. 15 characters are used for the device name, and the 16th character is reserved for the service or name record type.
- Attackers use NetBIOS enumeration to obtain:
  - List of computers that belong to a domain
  - List of shares on the individual hosts in the network
  - Policies and passwords
net view /domain
net view /domain:name
net view \\FIRE
net use \\FIRE "password" /u:"name"
- Null Session:
net use \\FIRE "" /u:""
| | W2K | XP/2K3 | Vista/WS2K12R2 | Samba |
|---|---|---|---|---|
| Null Session | V | V | V | V |
| Anonymous Enumeration | V | X | X | V |
| Auth-ed Enumeration | V | V | V | V |
| Remote (IPC$) | V | V | VX | X |
VX: Depends on whether the host is joined to a domain. A host that is not joined to a domain is protected by UAC Remote Restriction.
Note: NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6 (IPv6).
- The Nbtstat utility in Windows displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local and remote computers, and the NetBIOS name cache.
- Run the nbtstat command
nbtstat.exe -c
to get the contents of the NetBIOS name cache, the table of NetBIOS names, and their resolved IP addresses.
- Run the nbtstat command
nbtstat.exe -a <IP address of the remote machine>
to get the NetBIOS name table of a remote computer.
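Added example (not part of the original notes): a small parser for the name table that `nbtstat.exe -a` prints, useful when auditing what your own hosts disclose over NetBIOS. It reads the 16th-byte suffix of each row to tell which services the host has registered. The sample output is constructed; FIRE is the host name used in these notes, while WORKGROUP and the MAC address are assumed values.

```python
import re

# (16th-byte suffix, record type) -> service. Well-known Microsoft values, not exhaustive.
SUFFIXES = {
    (0x00, "UNIQUE"): "Workstation service (computer name)",
    (0x00, "GROUP"): "Domain or workgroup name",
    (0x20, "UNIQUE"): "File Server service",
    (0x1C, "GROUP"): "Domain controllers",
}

# One table row: up to 15 name characters, <hex suffix>, record type, status.
ROW = re.compile(r"^\s*(\S.{0,14}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")

def parse_name_table(text):
    """Return one dict per row of an nbtstat NetBIOS name table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            key = (int(m.group(2), 16), m.group(3))
            rows.append({"name": m.group(1), "suffix": key[0], "type": key[1],
                         "status": m.group(4), "service": SUFFIXES.get(key, "unknown")})
    return rows

def summarize(rows):
    """Reduce the table to what it discloses about the host."""
    def find(suffix, rtype):
        return next((r["name"] for r in rows
                     if (r["suffix"], r["type"]) == (suffix, rtype)), None)
    return {"computer": find(0x00, "UNIQUE"),
            "domain_or_workgroup": find(0x00, "GROUP"),
            "file_server_registered": find(0x20, "UNIQUE") is not None,
            "domain_controller": find(0x1C, "GROUP") is not None}

# Constructed sample output; WORKGROUP and the MAC address are made up.
SAMPLE = """
       NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FIRE           <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    FIRE           <20>  UNIQUE      Registered

    MAC Address = 00-00-5E-00-53-01
"""

if __name__ == "__main__":
    print(summarize(parse_name_table(SAMPLE)))
```

A registered `<20>` record means the File Server service is running, so that host's shares and IPC$ settings are the ones to review first.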
NetBIOS Enumeration Tools:
SuperScan:
- SuperScan is a connect-based TCP port scanner, pinger, and hostname resolver.
Hyena:
- Hyena is a GUI product for managing and securing Microsoft operating systems. It shows shares and user logon names for Windows servers and domain controllers.
- It displays a graphical representation of Microsoft Terminal Services, Microsoft Windows Network, Web Client Network, etc.
Winfingerprint:
- Winfingerprint determines the OS and enumerates users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open TCP and UDP ports.
NetBIOS Enumerator
- Nsauditor Network Security Auditor
Linux tools include: enum4linux
Enumerating User Accounts
Enumerating Shared Resources Using Net View (important)
- The Net View utility is used to obtain a list of all the shared resources of a remote host or workgroup.
- Net View Commands:
net view \\<computername>
net view /workgroup:<workgroupname>
Cain