<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
The **multicast DNS** \(**mDNS**\) protocol resolves host names to IP addresses within small networks that do not include a local name server.
When an mDNS client needs to resolve a host name, it sends an IP multicast query message that asks the host having that name to identify itself. That target machine then multicasts a message that includes its IP address. All machines in that subnet can then use that information to update their mDNS caches.
Any host can relinquish its claim to a domain name by sending a response packet with a Time To Live \(TTL\) equal to zero.
By default, mDNS exclusively resolves host names ending with the **.local** top-level domain \(TLD\). This can cause problems if that domain includes hosts which do not implement mDNS but which can be found via a conventional unicast DNS server. Resolving such conflicts requires network-configuration changes.
* When using Ethernet frames, the standard multicast MAC address _01:00:5E:00:00:FB_ \(for IPv4\) or _33:33:00:00:00:FB_ \(for IPv6\) is used.
* IPv4 address _224.0.0.251_ or IPv6 address _ff02::fb_.
* UDP port 5353.
mDNS queries will not pass through routers \(broadcast in Ethernet only\).
This protocol can be used to discover hosts in the network. To do that, you can request special domain names \(e.g. _\_printers\_tcp.local_\) and all the domains related to that name will answer \(in this case, printers\). A complete list of these special names can be found [here](http://www.dns-sd.org/ServiceTypes.html).
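The packet layout behind the query, response and TTL-zero "goodbye" described above, as an added example that is not part of the original page: it builds a service-type question and parses a response, flagging records whose TTL is zero. The host names, addresses and the `_ipp._tcp.local` query are constructed sample values, and nothing is sent on the network.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (length byte + text, zero terminator)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def build_query(name, qtype=12):
    """mDNS question: ID 0, no flags, one question, QTYPE 12 = PTR, class IN."""
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!2H", qtype, 1)

def read_name(pkt, off, depth=0):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    while True:
        length = pkt[off]
        if length == 0:
            return ".".join(labels), off + 1
        if (length & 0xC0) == 0xC0:                    # compression pointer
            if depth > 10:
                raise ValueError("compression pointer loop")
            target = struct.unpack_from("!H", pkt, off)[0] & 0x3FFF
            rest, _ = read_name(pkt, target, depth + 1)
            return ".".join(labels + [rest]), off + 2
        labels.append(pkt[off + 1:off + 1 + length].decode())
        off += 1 + length

def parse_answers(pkt):
    """Return (name, rtype, ttl, is_goodbye) per answer; TTL 0 is a goodbye."""
    _, _, qdcount, ancount, _, _ = struct.unpack_from("!6H", pkt, 0)
    off = 12
    for _ in range(qdcount):                           # skip the question section
        _, off = read_name(pkt, off)
        off += 4
    records = []
    for _ in range(ancount):
        name, off = read_name(pkt, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10 + rdlen
        records.append((name, rtype, ttl, ttl == 0))
    return records

# Constructed response: two A records (class 0x8001 = IN + cache-flush bit);
# the second name reuses "local" through a compression pointer to offset 21.
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + encode_name("printer1.local") + struct.pack("!HHIH", 1, 0x8001, 120, 4) + bytes([192, 0, 2, 10])
          + b"\x07oldhost\xc0\x15" + struct.pack("!HHIH", 1, 0x8001, 0, 4) + bytes([192, 0, 2, 11]))

if __name__ == "__main__":
    print(build_query("_ipp._tcp.local").hex())
    print(parse_answers(SAMPLE))
```

A monitor listening on the mDNS group can run `parse_answers` over each datagram to keep a record of which names are claimed and when a goodbye withdraws them.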
SSDP is a text-based protocol based on [HTTPU](https://en.wikipedia.org/wiki/HTTPU). It uses UDP as the underlying transport protocol. Services are advertised by the hosting system with multicast addressing to a specifically designated IP multicast address at UDP port number 1900. In IPv4, the multicast address is 239.255.255.250.
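What those text-based advertisements look like on the wire, as an added example that is not part of the original page: a parser for SSDP datagrams and a passive inventory that adds a service on `ssdp:alive` and drops it on `ssdp:byebye`. The USNs, addresses and description URLs are constructed sample values, and `notify` is a hypothetical helper used only to build the sample capture.

```python
def parse_ssdp(datagram):
    """Parse one SSDP datagram into (kind, headers); ValueError if malformed."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    start, headers = lines[0].strip(), {}
    for line in lines[1:]:
        if not line:
            break                               # blank line ends the headers
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[key.strip().upper()] = value.strip()
    if start == "M-SEARCH * HTTP/1.1":
        return "search", headers
    if start == "NOTIFY * HTTP/1.1":
        nts = headers.get("NTS", "")
        return {"ssdp:alive": "alive", "ssdp:byebye": "byebye"}.get(nts, "notify"), headers
    if start.startswith("HTTP/1.1 200"):
        return "response", headers
    raise ValueError(f"not an SSDP start line: {start!r}")

def inventory(datagrams):
    """Passive inventory keyed by USN: alive adds a service, byebye removes it."""
    seen = {}
    for dgram in datagrams:
        kind, h = parse_ssdp(dgram)
        usn = h.get("USN")
        if kind == "alive" and usn:
            seen[usn] = {"type": h.get("NT"), "location": h.get("LOCATION")}
        elif kind == "byebye":
            seen.pop(usn, None)
    return seen

def notify(nts, usn, nt, location=""):
    """Build a constructed NOTIFY datagram for the sample capture below."""
    head = ["NOTIFY * HTTP/1.1", "HOST: 239.255.255.250:1900", f"NT: {nt}",
            f"NTS: {nts}", f"USN: {usn}"]
    if location:
        head += [f"LOCATION: {location}", "CACHE-CONTROL: max-age=1800"]
    return ("\r\n".join(head) + "\r\n\r\n").encode()

# Constructed capture: a printer and a media server announce, then the media server leaves.
PRINTER = "urn:schemas-upnp-org:device:Printer:1"
MEDIA = "urn:schemas-upnp-org:device:MediaServer:1"
CAPTURE = [
    notify("ssdp:alive", "uuid:sample-0001::" + PRINTER, PRINTER, "http://192.0.2.20:8080/desc.xml"),
    notify("ssdp:alive", "uuid:sample-0002::" + MEDIA, MEDIA, "http://192.0.2.21:9000/desc.xml"),
    notify("ssdp:byebye", "uuid:sample-0002::" + MEDIA, MEDIA),
]

if __name__ == "__main__":
    print(inventory(CAPTURE))
```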
This service allows a device connected to a network to discover which services \(like printers\) are available in the network.
The client can send a broadcast UDP packet asking for some kind of service or the service provider can send a broadcast packet saying that it is offering a service.
Basically, it **allows you to share only the necessary information** that is stored in one service with another. This way you can log in faster, your **data is only stored in one place**, and you don't have to put usernames/passwords everywhere.
First, you must already be logged into Google, or a window will open for you to log in. Immediately afterwards, the service asks the Google server for a token to access your info. Google shows one of those screens saying "_The application XXXXX wants to access this information of yours: ..._". When you click accept, Google responds to the application with a code, which the application uses to request a token, and Google responds with that token. Once the application has a token, it can use it with the Google API to obtain the information it requested.
Both the RADIUS server and the user trying to connect hold a "shared secret". The RADIUS server sends a challenge to the NAS, which forwards it to the user who is logging in. The user encrypts it with that secret and sends it back to the NAS, and if it matches the encryption that RADIUS has computed, the user has proven their identity.
Once the identity is proven, the RADIUS user instructs the NAS to assign the user an IP address. When this is done, the NAS sends a start message to RADIUS for it to record. When the user logs out, the NAS sends a termination message. In this way, RADIUS records the consumption of the session so it can bill accordingly \(this data is also used for statistical reasons\).
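The challenge-response and accounting exchange described above, as an added example that is not part of the original page. It assumes the "encryption" step is the CHAP hash from RFC 1994, MD5(identifier || secret || challenge); the class names, user name and secret are constructed for illustration and this is not a RADIUS wire implementation.

```python
import hashlib, hmac, os

def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class RadiusServer:
    def __init__(self, secrets):
        self.secrets = secrets      # user -> shared secret (constructed values)
        self.pending = {}           # user -> (ident, challenge) awaiting an answer
        self.accounting = []        # start/stop records reported by the NAS

    def new_challenge(self, user):
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[user] = (ident, challenge)
        return ident, challenge

    def verify(self, user, response):
        # pop() makes each challenge single-use, so a captured response cannot be replayed
        ident, challenge = self.pending.pop(user, (0, b""))
        secret = self.secrets.get(user)
        if secret is None or not challenge:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison

class Nas:
    """Relays challenge and response; it never sees the shared secret."""
    def __init__(self, server):
        self.server = server

    def login(self, user, answer_fn):
        ident, challenge = self.server.new_challenge(user)
        response = answer_fn(ident, challenge)            # challenge forwarded to the user
        if not self.server.verify(user, response):
            return False
        self.server.accounting.append(("start", user))   # start message
        return True

    def logout(self, user):
        self.server.accounting.append(("stop", user))    # termination message

def make_user(secret):
    """The user's side: answer any challenge using the secret it holds."""
    return lambda ident, challenge: chap_response(ident, secret, challenge)
```

Only the challenge and the hash cross the NAS; the fresh random challenge and the single-use `pending` entry are what stop an observed response from being accepted a second time.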
The objective of SMB being implemented over only TCP or over NetBIOS + TCP is to increase the communication capacity with more equipment that only supports one or the other.
Its function is to establish sessions and maintain connections in order to share network resources, but to send packets from one site to another it requires IPC/IPX or NetBEUI or TCP/IP.
Every machine using NetBIOS must have a unique **name** that distinguishes it from the rest. So when a new machine joins, it is first checked that no one is using the name it is requesting. There are also **group names**, which can be used by as many stations as desired, but there can't be two groups with the same name. This is a way to send messages to several machines. So you can send messages to a user, a group or broadcast.
**connectionless:** A datagram is sent to the destination but there is no form of hello or message received. The destination machine must be configured to be able to receive datagrams.
**connection-oriented:** A session is created between two names \(it can even be between two names of the same machine\) if a received or error message is sent.
**NetBEUI** really consists of NetBIOS over NetBEUI, which is a network and transport protocol that leads to NetBIOS. It was fast but very noisy because it broadcast a lot. You can also have SMB over NetBEUI, but it is more common for NetBIOS to run over TCP.
It is basically a database of objects with information such as users, groups, privileges and resources that is accessible from the network \(through a domain\) so that said information can be accessed and managed centrally.
Server that saves objects. These objects are visible on the network through a domain. A domain can have within it its server where it is implemented, groups, users...
In this way, the management of a network's users is centralized: the users that can log in are created on this server, along with the permissions that determine whether they can access certain network resources, so all of this can be controlled in a simple way.
In this way you can consult the directory with a username and obtain information such as email or phone number. You can also make general inquiries such as: where are the printers? What are the domain names?