4.2 NetBIOS Enumeration

NetBIOS Enumeration (重要)

  • NetBIOS name is a unique 16 ASCII character string used to identify the network devices over TCP/IP, 15 characters are used for the device name and 16th character is reserved for the service or name record type.
  • Attackers use the NetBIOS enumeration to obtain:
    • List of computers that belong to a domain
    • List of shares on the individual hosts in the network
    • Policies and passwords
  • net view /domain
  • net view /domain:name
  • net view \\FIRE
  • net use \\FIRE "password" /u:"name"
  • Null Session: net use \\FIRE "" /u:""
W2K XP/2K3 Vista/WS2K12R2 Samba
Null Session V V V V
Anonymous Enumeration V X X V
Auth-ed Enumeration V V V V
Remote (IPC$) V V VX X

VX: 端看是否有加入domain。沒加入domain,會有UAC Remote Restriction的保護

Note: NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6 (IPv6)

  • Nbtstat utility in Windows displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local and remote computers, and the NetBIOS name cache.
    • Run nbtstat command nbtstat.exe -c to get the contents of the NetBIOS name cache, the table of NetBIOS names, and their resolved IP addresses.
    • Run nbtstat command nbtstat.exe -a <IP address of the remote machin> to get the NetBIOS name table of a remote computer.

NetBIOS Enumeration Tools:

  • SuperScan:

    • SuperScan is a connect-based TCP port scanner, pinger, and hostname resolver.
  • Hyena:

    • Hyena is a GUI product for managing and securing Microsoft operating systems. It shows shares and user logon names for Windows servers and domain controllers.
    • It displays graphical representation of Microsoft Terminal Services, Microsoft Windows Network, Web Client Network, etc.
  • Winfingerprint:

    • Winfingerprint determines OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open TCP and UDP ports.
  • NetBIOS Enumerator

  • Nsauditor Network Security Auditor

Linux的工具有: enum4linux

Enumerating User Accounts

Enumerating Shared Resources Using Net View (重要)

  • Net View utility is used to obtain a list of all the shared resources of remote host or workgroup.
  • Net View Commands:
    • net view \\<computername>
    • net view /workgroup:<workgroupname>


results matching ""

    No results matching ""