hacktricks/network-services-pentesting/137-138-139-pentesting-netbios.md

# 137,138,139 - Pentesting NetBios

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## NetBios Name Service

**NetBIOS Name Service** igra ključnu ulogu, uključujući razne usluge kao što su **registracija i razrešenje imena**, **distribucija datagrama** i **sesijske usluge**, koristeći specifične portove za svaku uslugu.

[From Wikidepia](https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP):

* Usluga imena za registraciju i razrešenje imena (portovi: 137/udp i 137/tcp).
* Usluga distribucije datagrama za komunikaciju bez veze (port: 138/udp).
* Sesijska usluga za komunikaciju orijentisanu na vezu (port: 139/tcp).

### Usluga imena

Da bi uređaj učestvovao u NetBIOS mreži, mora imati jedinstveno ime. To se postiže kroz **broadcast proces** gde se šalje paket "Name Query". Ako nema prigovora, ime se smatra dostupnim. Alternativno, može se direktno upitati **Name Service server** da proveri dostupnost imena ili da razreši ime u IP adresu. Alati kao što su `nmblookup`, `nbtscan` i `nmap` se koriste za enumeraciju NetBIOS usluga, otkrivajući imena servera i MAC adrese.
```bash
PORT    STATE SERVICE    VERSION
137/udp open  netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)
```
Enumeracijom NetBIOS usluge možete dobiti imena koja server koristi i MAC adresu servera.
```bash
nmblookup -A <IP>
nbtscan <IP>/30
sudo nmap -sU -sV -T4 --script nbstat.nse -p137 -Pn -n <IP>
```
### Datagram Distribution Service

NetBIOS datagrami omogućavaju komunikaciju bez veze putem UDP-a, podržavajući direktno slanje poruka ili emitovanje svim mrežnim imenima. Ova usluga koristi port **138/udp**.
```bash
PORT    STATE         SERVICE     VERSION
138/udp open|filtered netbios-dgm
```
### Session Service

Za interakcije orijentisane na konekciju, **Session Service** olakšava razgovor između dva uređaja, koristeći **TCP** konekcije preko porta **139/tcp**. Sesija počinje sa "Session Request" paketom i može se uspostaviti na osnovu odgovora. Usluga podržava veće poruke, detekciju grešaka i oporavak, pri čemu TCP upravlja kontrolom protoka i ponovnim slanjem paketa.

Prenos podataka unutar sesije uključuje **Session Message pakete**, a sesije se završavaju zatvaranjem TCP konekcije.

Ove usluge su sastavni deo **NetBIOS** funkcionalnosti, omogućavajući efikasnu komunikaciju i deljenje resursa preko mreže. Za više informacija o TCP i IP protokolima, pogledajte njihove odgovarajuće [TCP Wikipedia](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) i [IP Wikipedia](https://en.wikipedia.org/wiki/Internet_Protocol) stranice.
```bash
PORT      STATE SERVICE      VERSION
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
```
**Pročitajte sledeću stranu da biste saznali kako da enumerišete ovu uslugu:**

{% content-ref url="137-138-139-pentesting-netbios.md" %}
[137-138-139-pentesting-netbios.md](137-138-139-pentesting-netbios.md)
{% endcontent-ref %}

## HackTricks Automatske Komande
```
Protocol_Name: Netbios    #Protocol Abbreviation if there is one.
Port_Number:  137,138,139     #Comma separated if there is more than one.
Protocol_Description: Netbios         #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for NetBios
Note: |
Name service for name registration and resolution (ports: 137/udp and 137/tcp).
Datagram distribution service for connectionless communication (port: 138/udp).
Session service for connection-oriented communication (port: 139/tcp).

For a device to participate in a NetBIOS network, it must have a unique name. This is achieved through a broadcast process where a "Name Query" packet is sent. If no objections are received, the name is considered available. Alternatively, a Name Service server can be queried directly to check for name availability or to resolve a name to an IP address.

https://book.hacktricks.xyz/pentesting/137-138-139-pentesting-netbios

Entry_2:
Name: Find Names
Description: Three scans to find the names of the server
Command: nmblookup -A {IP} &&&& nbtscan {IP}/30 &&&& nmap -sU -sV -T4 --script nbstat.nse -p 137 -Pn -n {IP}
```
{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Podržite HackTricks</summary>

* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>
{% endhint %}
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`# 137,138,139 - Pentesting NetBios`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<summary>Support HackTricks</summary>`
arte 2024-02-03 01:15:34 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`## NetBios Name Service`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`NetBIOS Name Service igra ključnu ulogu, uključujući razne usluge kao što su registracija i razrešenje imena, distribucija datagrama i sesijske usluge, koristeći specifične portove za svaku uslugu.`
a 2024-02-08 21:36:35 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`[From Wikidepia](https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP):`
a 2024-02-08 21:36:35 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`* Usluga imena za registraciju i razrešenje imena (portovi: 137/udp i 137/tcp).`
Translated to Serbian 2024-02-10 13:11:20 +00:00			`* Usluga distribucije datagrama za komunikaciju bez veze (port: 138/udp).`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`* Sesijska usluga za komunikaciju orijentisanu na vezu (port: 139/tcp).`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`### Usluga imena`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			Da bi uređaj učestvovao u NetBIOS mreži, mora imati jedinstveno ime. To se postiže kroz broadcast proces gde se šalje paket "Name Query". Ako nema prigovora, ime se smatra dostupnim. Alternativno, može se direktno upitati Name Service server da proveri dostupnost imena ili da razreši ime u IP adresu. Alati kao što su `nmblookup`, `nbtscan` i `nmap` se koriste za enumeraciju NetBIOS usluga, otkrivajući imena servera i MAC adrese.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`PORT STATE SERVICE VERSION`
			`137/udp open netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Enumeracijom NetBIOS usluge možete dobiti imena koja server koristi i MAC adresu servera.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`nmblookup -A <IP>`
			`nbtscan <IP>/30`
			`sudo nmap -sU -sV -T4 --script nbstat.nse -p137 -Pn -n <IP>`
			```
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`### Datagram Distribution Service`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`NetBIOS datagrami omogućavaju komunikaciju bez veze putem UDP-a, podržavajući direktno slanje poruka ili emitovanje svim mrežnim imenima. Ova usluga koristi port 138/udp.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`PORT STATE SERVICE VERSION`
			`138/udp open\|filtered netbios-dgm`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`### Session Service`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Za interakcije orijentisane na konekciju, Session Service olakšava razgovor između dva uređaja, koristeći TCP konekcije preko porta 139/tcp. Sesija počinje sa "Session Request" paketom i može se uspostaviti na osnovu odgovora. Usluga podržava veće poruke, detekciju grešaka i oporavak, pri čemu TCP upravlja kontrolom protoka i ponovnim slanjem paketa.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Prenos podataka unutar sesije uključuje Session Message pakete, a sesije se završavaju zatvaranjem TCP konekcije.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Ove usluge su sastavni deo NetBIOS funkcionalnosti, omogućavajući efikasnu komunikaciju i deljenje resursa preko mreže. Za više informacija o TCP i IP protokolima, pogledajte njihove odgovarajuće [TCP Wikipedia](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) i [IP Wikipedia](https://en.wikipedia.org/wiki/Internet_Protocol) stranice.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`PORT STATE SERVICE VERSION`
			`139/tcp open netbios-ssn Microsoft Windows netbios-ssn`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Pročitajte sledeću stranu da biste saznali kako da enumerišete ovu uslugu:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GITBOOK-3784: No subject 2023-02-16 13:50:15 +00:00			`{% content-ref url="137-138-139-pentesting-netbios.md" %}`
			`[137-138-139-pentesting-netbios.md](137-138-139-pentesting-netbios.md)`
GitBook: [#2828] update desync 2021-11-05 20:59:42 +00:00			`{% endcontent-ref %}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`## HackTricks Automatske Komande`
GitBook: [#2828] update desync 2021-11-05 20:59:42 +00:00			```
HAC 137 2021-08-12 12:41:39 +00:00			`Protocol_Name: Netbios #Protocol Abbreviation if there is one.`
			`Port_Number: 137,138,139 #Comma separated if there is more than one.`
			`Protocol_Description: Netbios #Protocol Abbreviation Spelled out`

HAC 137 2021-08-17 19:22:41 +00:00			`Entry_1:`
Translated to Serbian 2024-02-10 13:11:20 +00:00			`Name: Notes`
			`Description: Notes for NetBios`
			`Note: \|`
			`Name service for name registration and resolution (ports: 137/udp and 137/tcp).`
			`Datagram distribution service for connectionless communication (port: 138/udp).`
			`Session service for connection-oriented communication (port: 139/tcp).`
HAC 137 2021-08-17 19:22:41 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`For a device to participate in a NetBIOS network, it must have a unique name. This is achieved through a broadcast process where a "Name Query" packet is sent. If no objections are received, the name is considered available. Alternatively, a Name Service server can be queried directly to check for name availability or to resolve a name to an IP address.`
HAC 137 2021-08-17 19:22:41 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`https://book.hacktricks.xyz/pentesting/137-138-139-pentesting-netbios`
HAC 137 2021-08-17 19:22:41 +00:00
			`Entry_2:`
Translated to Serbian 2024-02-10 13:11:20 +00:00			`Name: Find Names`
			`Description: Three scans to find the names of the server`
			`Command: nmblookup -A {IP} &&&& nbtscan {IP}/30 &&&& nmap -sU -sV -T4 --script nbstat.nse -p 137 -Pn -n {IP}`
HAC 137 2021-08-12 12:41:39 +00:00			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% hint style="success" %}`
			`Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<summary>Podržite HackTricks</summary>`
arte 2024-02-03 01:15:34 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`* Proverite [planove pretplate](https://github.com/sponsors/carlospolop)!`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili pratite nas na Twitteru 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Podelite hakerske trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% endhint %}`