# 137,138,139 - Pentesting NetBios
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## NetBios Name Service
The **NetBIOS Name Service** plays a central role here: it covers several services, namely **name registration and resolution**, **datagram distribution** and **session services**, each of which uses its own port.
[From Wikipedia](https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP):
* Name service for name registration and resolution (ports: 137/udp and 137/tcp)
* Datagram distribution service for connectionless communication (port: 138/udp)
* Session service for connection-oriented communication (port: 139/tcp)
### Name Service
For a device to participate in a NetBIOS network, it must have a unique name. This is achieved through a **broadcast process** in which a "Name Query" packet is sent; if no objection is received, the name is considered available. Alternatively, a **Name Service server** can be queried directly to check whether a name is available or to resolve a name to an IP address. Tools such as `nmblookup`, `nbtscan` and `nmap` are used to enumerate the NetBIOS service, revealing server names and MAC addresses.
```bash
PORT STATE SERVICE VERSION
137/udp open netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)
```
By enumerating the NetBIOS service you can obtain the names the server is using and the server's MAC address.
```bash
nmblookup -A <IP>
nbtscan <IP>/30
sudo nmap -sU -sV -T4 --script nbstat.nse -p137 -Pn -n <IP>
```
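The three commands above all send the same thing: an NBSTAT ("node status") query for the wildcard name `*` and decode the name table that comes back. The following is an added example (not HackTricks code and not part of the original page) that builds that query and parses a node-status answer, so you can see exactly what a scanner learns from port 137: the name entries with their 16th-byte suffix, the unique/group flag, and the UNIT_ID field, which is where the MAC address comes from. The `SAMPLE_RESPONSE` bytes are constructed for the example, not a real capture; the suffix table lists the well-known Microsoft suffix meanings.

```python
import struct

# NetBIOS Name Service (RFC 1001/1002) constants.
NBSTAT_QTYPE = 0x0021   # node status request, what `nmblookup -A` sends
NB_CLASS_IN = 0x0001
NBNS_PORT = 137

# Well-known NetBIOS name suffixes (16th byte of the name).
SUFFIXES = {
    0x00: "workstation service / workgroup name",
    0x03: "messenger service",
    0x1B: "domain master browser",
    0x1C: "domain controllers (group)",
    0x1D: "master browser",
    0x1E: "browser service elections (group)",
    0x20: "file server service",
}

WILDCARD_NAME = b"*" + b"\x00" * 15   # '*' padded with NULs: "list all your names"


def nb_encode(raw16: bytes) -> bytes:
    """First-level encoding: each nibble of the 16-byte name becomes 'A' + nibble."""
    if len(raw16) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes before encoding")
    return bytes(0x41 + ((b >> shift) & 0x0F) for b in raw16 for shift in (4, 0))


def nb_decode(enc32: bytes) -> bytes:
    """Inverse of nb_encode."""
    if len(enc32) != 32:
        raise ValueError("encoded NetBIOS names are exactly 32 bytes")
    return bytes(((enc32[i] - 0x41) << 4) | (enc32[i + 1] - 0x41) for i in range(0, 32, 2))


def build_nbstat_query(txid: int) -> bytes:
    """Node status query for the wildcard name: 12-byte header, 34-byte name, QTYPE/QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags 0: standard query
    question = b"\x20" + nb_encode(WILDCARD_NAME) + b"\x00"
    return header + question + struct.pack(">HH", NBSTAT_QTYPE, NB_CLASS_IN)


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a DNS-style label sequence (handles the 0xC0 pointer form)."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_nbstat_response(data: bytes) -> dict:
    """Decode an NBSTAT answer into the name table plus the UNIT_ID (MAC address)."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response packet")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    if ancount < 1:
        raise ValueError("response carries no answer record")
    off = 12
    for _ in range(qdcount):                  # question section is normally empty here
        off = _skip_name(data, off) + 4
    off = _skip_name(data, off)
    rtype, _rclass, _ttl, rdlength = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT_QTYPE:
        raise ValueError(f"unexpected RR type 0x{rtype:04x}")
    rdata = data[off:off + rdlength]
    num_names, pos = rdata[0], 1
    names = []
    for _ in range(num_names):                # 18 bytes per entry: 15 name + suffix + flags
        entry = rdata[pos:pos + 18]
        pos += 18
        suffix = entry[15]
        nflags = struct.unpack(">H", entry[16:18])[0]
        names.append({
            "name": entry[:15].rstrip(b" ").decode("ascii", "replace"),
            "suffix": suffix,
            "group": bool(nflags & 0x8000),   # G bit: group name (workgroup) vs unique name
            "active": bool(nflags & 0x0400),  # ACT bit
            "description": SUFFIXES.get(suffix, "unknown"),
        })
    mac = rdata[pos:pos + 6]                  # UNIT_ID opens the 46-byte statistics block
    return {"names": names, "mac": ":".join(f"{b:02x}" for b in mac)}


def _name_entry(name: str, suffix: int, flags: int) -> bytes:
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)


# Constructed sample answer (not a real capture): host SRV01 in workgroup WORKGROUP.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
    + b"\x20" + nb_encode(WILDCARD_NAME) + b"\x00"
    + struct.pack(">HHIH", NBSTAT_QTYPE, NB_CLASS_IN, 0, 1 + 3 * 18 + 46)
    + bytes([3])
    + _name_entry("SRV01", 0x00, 0x0400)
    + _name_entry("SRV01", 0x20, 0x0400)
    + _name_entry("WORKGROUP", 0x00, 0x8400)
    + bytes.fromhex("001122aabbcc") + b"\x00" * 40   # UNIT_ID + rest of the statistics
)

if __name__ == "__main__":
    result = parse_nbstat_response(SAMPLE_RESPONSE)
    for n in result["names"]:
        kind = "<GROUP>" if n["group"] else "<UNIQUE>"
        print(f"{n['name']:<15} <{n['suffix']:02x}> {kind:8} {n['description']}")
    print("MAC Address =", result["mac"])
```

Against a live host the query from `build_nbstat_query` would be sent over UDP to port 137 and the reply fed to `parse_nbstat_response`; the example deliberately stays offline and decodes constructed bytes. Two details matter when reading real output: a Samba `nmbd` normally reports an all-zero MAC in UNIT_ID, and the `<1C>`/`<1B>` suffixes tell you the host is a domain controller or domain master browser, which is why these entries show up in the `nbstat.nse` output on the page.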
### Datagram Distribution Service
NetBIOS datagrams allow connectionless communication over UDP, supporting either direct messages to a name or broadcasts to all names on the network. This service uses port **138/udp**.
```bash
PORT STATE SERVICE VERSION
138/udp open|filtered netbios-dgm
```
### Session Service
For connection-oriented interaction, the **Session Service** carries a conversation between two devices over a **TCP** connection to port **139/tcp**. A session begins with a "Session Request" packet and is established or refused depending on the response. The service supports larger messages, error detection and recovery, with TCP handling flow control and packet retransmission.
Data transfer within a session is carried in **Session Message packets**, and the session is terminated by closing the TCP connection.
These services are the core of **NetBIOS** functionality, enabling communication and resource sharing across a network. For more information on the TCP and IP protocols, see the respective [TCP Wikipedia](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) and [IP Wikipedia](https://en.wikipedia.org/wiki/Internet_Protocol) pages.
```bash
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
```
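The session service described above has a tiny framing layer of its own in front of whatever runs over it (on Windows, SMB). The following is an added example (not HackTricks code and not from the original page) that encodes and decodes RFC 1002 session-service packets: the 4-byte header with its 17-bit length, the Session Request carrying the called and calling names, and the positive, negative and retarget responses. Being able to read these frames is what lets you tell, from a capture on 139/tcp, whether a session was refused ("Called name not present") or redirected. The `SAMPLE_STREAM` is constructed for the example, with both directions concatenated in order, not a real capture.

```python
import struct

# NetBIOS Session Service packet types (RFC 1002 section 4.3), port 139/tcp.
SESSION_MESSAGE, SESSION_REQUEST = 0x00, 0x81
POSITIVE_RESPONSE, NEGATIVE_RESPONSE, RETARGET, KEEPALIVE = 0x82, 0x83, 0x84, 0x85

TYPE_NAMES = {
    SESSION_MESSAGE: "SESSION MESSAGE", SESSION_REQUEST: "SESSION REQUEST",
    POSITIVE_RESPONSE: "POSITIVE SESSION RESPONSE", NEGATIVE_RESPONSE: "NEGATIVE SESSION RESPONSE",
    RETARGET: "SESSION RETARGET RESPONSE", KEEPALIVE: "SESSION KEEP ALIVE",
}
# Error codes carried in the one-byte body of a NEGATIVE SESSION RESPONSE.
NEGATIVE_ERRORS = {
    0x80: "Not listening on called name",
    0x81: "Not listening for calling name",
    0x82: "Called name not present",
    0x83: "Called name present, but insufficient resources",
    0x8F: "Unspecified error",
}


def nb_encode(raw16: bytes) -> bytes:
    """First-level encoding: each nibble of the 16-byte name becomes 'A' + nibble."""
    return bytes(0x41 + ((b >> s) & 0x0F) for b in raw16 for s in (4, 0))


def nb_decode(enc32: bytes) -> bytes:
    return bytes(((enc32[i] - 0x41) << 4) | (enc32[i + 1] - 0x41) for i in range(0, 32, 2))


def encode_nb_name(name: str, suffix: int) -> bytes:
    """34-byte wire form: length 0x20, 32 encoded characters, terminating 0x00."""
    raw = name.upper().encode("ascii").ljust(15, b" ")[:15] + bytes([suffix])
    return b"\x20" + nb_encode(raw) + b"\x00"


def decode_nb_name(wire34: bytes) -> tuple:
    if len(wire34) != 34 or wire34[0] != 0x20 or wire34[33] != 0x00:
        raise ValueError("malformed NetBIOS name label")
    raw = nb_decode(wire34[1:33])
    return raw[:15].rstrip(b" ").decode("ascii", "replace"), raw[15]


def pack_session(ptype: int, body: bytes = b"") -> bytes:
    """Header: TYPE, FLAGS (bit 0 is the 17th length bit), 16-bit LENGTH, then body."""
    if len(body) > 0x1FFFF:
        raise ValueError("session payload exceeds the 17-bit length field")
    return struct.pack(">BBH", ptype, (len(body) >> 16) & 0x01, len(body) & 0xFFFF) + body


def build_session_request(called: str, called_suffix: int,
                          calling: str, calling_suffix: int = 0x00) -> bytes:
    body = encode_nb_name(called, called_suffix) + encode_nb_name(calling, calling_suffix)
    return pack_session(SESSION_REQUEST, body)


def parse_session(data: bytes) -> tuple:
    """Decode one packet from the front of a byte stream; returns (info, remaining bytes)."""
    if len(data) < 4:
        raise ValueError("need at least the 4-byte session header")
    ptype, flags, length = struct.unpack(">BBH", data[:4])
    length |= (flags & 0x01) << 16
    body = data[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated session packet")
    info = {"type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"), "length": length}
    if ptype == SESSION_REQUEST:
        info["called"] = decode_nb_name(body[:34])
        info["calling"] = decode_nb_name(body[34:68])
    elif ptype == NEGATIVE_RESPONSE:
        info["error"] = NEGATIVE_ERRORS.get(body[0], f"unknown error 0x{body[0]:02x}")
    elif ptype == RETARGET:                   # server points the client at another IP:port
        ip, port = struct.unpack(">4sH", body[:6])
        info["retarget"] = (".".join(str(b) for b in ip), port)
    return info, data[4 + length:]


def walk_stream(data: bytes) -> list:
    """Split a concatenated byte stream into its session-service packets."""
    packets = []
    while data:
        info, data = parse_session(data)
        packets.append(info)
    return packets


# Constructed sample exchange (not a real capture): the client asks SRV01<20> for a
# session, the server accepts, then one session message carries upper-layer data.
SAMPLE_STREAM = (
    build_session_request("SRV01", 0x20, "CLIENT01")
    + pack_session(POSITIVE_RESPONSE)
    + pack_session(SESSION_MESSAGE, b"upper-layer data")
)

if __name__ == "__main__":
    for p in walk_stream(SAMPLE_STREAM):
        print(p)
```

The length extension bit is the one part people get wrong when writing detections or parsers for this port: a session message can be up to 128 KiB, and a decoder that only reads the 16-bit field will desynchronise on the first large SMB block that follows.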
**Read the next page to learn how to enumerate this service:**
{% content-ref url="137-138-139-pentesting-netbios.md" %}
[137-138-139-pentesting-netbios.md](137-138-139-pentesting-netbios.md)
{% endcontent-ref %}
## HackTricks Automatic Commands
```
Protocol_Name: Netbios #Protocol Abbreviation if there is one.
Port_Number: 137,138,139 #Comma separated if there is more than one.
Protocol_Description: Netbios #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for NetBios
Note: |
Name service for name registration and resolution (ports: 137/udp and 137/tcp).
Datagram distribution service for connectionless communication (port: 138/udp).
Session service for connection-oriented communication (port: 139/tcp).
For a device to participate in a NetBIOS network, it must have a unique name. This is achieved through a broadcast process where a "Name Query" packet is sent. If no objections are received, the name is considered available. Alternatively, a Name Service server can be queried directly to check for name availability or to resolve a name to an IP address.
https://book.hacktricks.xyz/pentesting/137-138-139-pentesting-netbios
Entry_2:
Name: Find Names
Description: Three scans to find the names of the server
Command: nmblookup -A {IP} &&&& nbtscan {IP}/30 &&&& nmap -sU -sV -T4 --script nbstat.nse -p 137 -Pn -n {IP}
```