Friday, 9 December 2011

NetBIOS Hacking


NetBIOS stands for Network Basic Input Output System. It lets computers on a
LAN or WAN share drives, folders, files and printers. Gaining access to a computer
through NetBIOS is very simple and easy. The only thing required is for the target
machine to have file and printer sharing enabled and to have port 139 open.
Below I will show you an example of what a hacker would do to gain access to a
Windows machine through NetBIOS.


1.  First the hacker would search for a target. A common tool used by hackers
is Angry IP Scanner. Download and install it.
2.  Next the hacker would insert the IP range he would like to scan. If the
hacker was connected to a WLAN (Wireless Local Area Network) he would
scan the local computers like I have shown below.

3.  Since the hacker’s goal is to gain access to a system through NetBIOS, which
runs on port 139, he will choose to scan each found host for that port. Click
the downward arrow on the right and check the Scan ports box. A popup
will come up asking you if you would like to select a new port. Click YES.

4.  Type the port number 139 into the first box and click OK.
5.  Click Start. The program will begin scanning and when it’s complete a box
with the results will come up.
6.  As you can see, 224 IPs were scanned. Out of those only one was alive and
luckily it has port 139 open.
7.  Open the Command Prompt by going to Start -> Run, typing cmd and
pressing <ENTER>.
8.  Now the hacker would run the command “nbtstat -a TargetIPaddress”. This
will tell us if the target has file and printer sharing enabled. Without it, this
attack is not possible.
9.  Next the hacker would run the command “net view \\TargetIPaddress”.
This command will display any shared drives, folders, files or printers. If
nothing comes up, you won’t be able to gain access to anything since there
is nothing being shared.
10.  To map out my drive onto his computer the hacker would use the
command “net use G: \\TargetIPaddress\DriveName”. So in my case I
would run the command “net use G: \\192.168.1.101\SharedDocs”. You
can use any letter in place of G:. This just tells the computer what to
name the drive on your computer.

11.  What’s this? Looks like I already have a drive G. To check which letters
are taken, go to My Computer, where it will show all of your current drives.
To fix this, simply change the letter G to a drive letter that is not already in use.

12.  Once the command is completed successfully, go to My Computer and you
should see a new drive under Network Drives. Double clicking it brings up
all of the target’s documents.
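
Seen from the network side, steps 1 to 6 show up as one source address probing TCP port 139 on many hosts. The Python below is an added example (not part of the original post) that flags such a sweep in firewall logs and lists the hosts that accepted the connection. The log lines are constructed samples using the first columns of the Windows Firewall log layout, and the threshold of 5 targets is an assumption.

```python
from collections import defaultdict

# First eight columns of the Windows Firewall log (pfirewall.log) layout.
FIELDS = "date time action protocol src-ip dst-ip src-port dst-port".split()

# Constructed sample: firewall log lines merged from several LAN hosts.
# All addresses, times and verdicts are made up for this example.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2011-12-09 10:15:01 DROP TCP 192.168.1.50 192.168.1.2 49152 139 48 S
2011-12-09 10:15:01 DROP TCP 192.168.1.50 192.168.1.3 49153 139 48 S
2011-12-09 10:15:02 DROP TCP 192.168.1.50 192.168.1.4 49154 139 48 S
2011-12-09 10:15:02 DROP TCP 192.168.1.50 192.168.1.5 49155 139 48 S
2011-12-09 10:15:03 ALLOW TCP 192.168.1.50 192.168.1.101 49156 139 48 S
2011-12-09 10:15:09 ALLOW UDP 192.168.1.50 192.168.1.101 137 137 78 -
2011-12-09 10:20:44 ALLOW TCP 192.168.1.20 192.168.1.101 50211 139 48 S
"""


def parse(line):
    """Return the first eight fields as a dict, or None for headers/short lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) < len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def find_sweeps(log_text, port="139", min_targets=5):
    """Flag sources that probed `port` on at least `min_targets` distinct hosts."""
    probed = defaultdict(set)   # source -> every host it tried on the port
    allowed = defaultdict(set)  # source -> hosts whose firewall let it through
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec or rec["protocol"] != "TCP" or rec["dst-port"] != port:
            continue
        probed[rec["src-ip"]].add(rec["dst-ip"])
        if rec["action"] == "ALLOW":
            allowed[rec["src-ip"]].add(rec["dst-ip"])
    # A single client talking to one file server stays below the threshold.
    return {src: {"targets": len(dsts), "reachable": sorted(allowed[src])}
            for src, dsts in probed.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, "probed", info["targets"], "hosts; reachable:", info["reachable"])
```

Every host listed under "reachable" is one where port 139 was open to the scanning address, so those are the machines to check for file and printer sharing that should be turned off or firewalled.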





