Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-23 05:03:35 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/137-138-139-pentesting-netbios.md

101 lines
6.2 KiB
Markdown
Raw Blame History

# 137,138,139 - Pentesting NetBios
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## NetBios Naamdiens
**NetBIOS Naamdiens** speel 'n belangrike rol, wat verskeie dienste insluit soos **naamregistrasie en -oplossing**, **datagramverspreiding**, en **sessiedienste**, wat spesifieke poorte vir elke diens gebruik.
[From Wikidepia](https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP):
* Naamdiens vir naamregistrasie en -oplossing (poorte: 137/udp en 137/tcp).
* Datagramverspreidingsdiens vir verbindinglose kommunikasie (poort: 138/udp).
* Sessiediens vir verbindingsgeoriënteerde kommunikasie (poort: 139/tcp).
### Naamdiens
Vir 'n toestel om aan 'n NetBIOS-netwerk deel te neem, moet dit 'n unieke naam hê. Dit word bereik deur 'n **uitlegproses** waar 'n "Naamnavraag" pakket gestuur word. As daar geen besware ontvang word nie, word die naam as beskikbaar beskou. Alternatiewelik kan 'n **Naamdiensbediener** direk gevra word om naam beskikbaarheid te kontroleer of om 'n naam na 'n IP-adres op te los. Gereedskap soos `nmblookup`, `nbtscan`, en `nmap` word gebruik om NetBIOS-dienste te lys, wat bedienernames en MAC-adresse onthul.
```bash
PORT STATE SERVICE VERSION
137/udp open netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)
```
Enumerering van 'n NetBIOS-diens kan jy die name wat die bediener gebruik en die MAC-adres van die bediener verkry.
```bash
nmblookup -A <IP>
nbtscan <IP>/30
sudo nmap -sU -sV -T4 --script nbstat.nse -p137 -Pn -n <IP>
```
### Datagram Verspreidingsdiens
NetBIOS datagramme stel verbindinglose kommunikasie via UDP in staat, wat direkte boodskappe of uitsendings na alle netwerkname ondersteun. Hierdie diens gebruik poort **138/udp**.
```bash
PORT STATE SERVICE VERSION
138/udp open|filtered netbios-dgm
```
### Session Service
Vir verbindingsgeoriënteerde interaksies fasiliteer die **Session Service** 'n gesprek tussen twee toestelle, wat **TCP** verbindings deur poort **139/tcp** benut. 'n Sessie begin met 'n "Session Request" pakket en kan gevestig word op grond van die antwoord. Die diens ondersteun groter boodskappe, foutdetectie en herstel, met TCP wat vloei beheer en pakket hersending hanteer.
Data-oordrag binne 'n sessie behels **Session Message packets**, met sessies wat beëindig word deur die TCP-verbinding te sluit.
Hierdie dienste is integraal tot **NetBIOS** funksionaliteit, wat doeltreffende kommunikasie en hulpbrondeling oor 'n netwerk moontlik maak. Vir meer inligting oor TCP en IP protokolle, verwys na hul onderskeie [TCP Wikipedia](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) en [IP Wikipedia](https://en.wikipedia.org/wiki/Internet_Protocol) bladsye.
```bash
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
```
**Lees die volgende bladsy om te leer hoe om hierdie diens te evalueer:**
{% content-ref url="137-138-139-pentesting-netbios.md" %}
[137-138-139-pentesting-netbios.md](137-138-139-pentesting-netbios.md)
{% endcontent-ref %}
## HackTricks Outomatiese Opdragte
```
Protocol_Name: Netbios #Protocol Abbreviation if there is one.
Port_Number: 137,138,139 #Comma separated if there is more than one.
Protocol_Description: Netbios #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for NetBios
Note: |
Name service for name registration and resolution (ports: 137/udp and 137/tcp).
Datagram distribution service for connectionless communication (port: 138/udp).
Session service for connection-oriented communication (port: 139/tcp).
For a device to participate in a NetBIOS network, it must have a unique name. This is achieved through a broadcast process where a "Name Query" packet is sent. If no objections are received, the name is considered available. Alternatively, a Name Service server can be queried directly to check for name availability or to resolve a name to an IP address.
https://book.hacktricks.xyz/pentesting/137-138-139-pentesting-netbios
Entry_2:
Name: Find Names
Description: Three scans to find the names of the server
Command: nmblookup -A {IP} &&&& nbtscan {IP}/30 &&&& nmap -sU -sV -T4 --script nbstat.nse -p 137 -Pn -n {IP}
```
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Ondersteun HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
Reference in a new issue View git blame Copy permalink