
  • All About NetBIOS Enumeration

     


     

    NetBIOS Enumeration



    NetBIOS stands for Network Basic Input/Output System. IBM developed it along with Sytek. NetBIOS was primarily developed as an application programming interface (API) to enable client software to access LAN resources.


    The NetBIOS naming convention starts with a 16-character ASCII string used to identify network devices over TCP/IP. 15 characters are used for the device name, and the 16th character is reserved for the service or name record type.
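
    The 15 + 1 layout described above, as an added example that is not part of the original post: it splits a 16-byte NetBIOS name into device name and type byte, and goes one step further by decoding the RFC 1001 first-level encoding in which such names appear in captured traffic. The function names, the sample host name and the suffix table (common values from Microsoft's documentation) are assumptions, not content from this page.

```python
"""Parse NetBIOS names: a 15-character device name plus a 16th type byte."""

# Well-known suffix values from Microsoft's documentation (not listed on this page).
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x1B: "Domain master browser",
    0x1D: "Master browser",
    0x20: "File server service",
}


def encode_first_level(raw16: bytes) -> str:
    """RFC 1001 first-level encoding: each byte becomes two letters 'A'..'P'."""
    if len(raw16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw16)


def decode_first_level(encoded: str) -> bytes:
    """Reverse the encoding; reject anything that is not 32 letters in 'A'..'P'."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    vals = [ord(c) - 0x41 for c in encoded]
    return bytes((hi << 4) | lo for hi, lo in zip(vals[0::2], vals[1::2]))


def parse_name(raw16: bytes) -> tuple:
    """Split 16 raw bytes into (device name, suffix byte, suffix meaning)."""
    if len(raw16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    name = raw16[:15].decode("ascii", errors="replace").rstrip(" ")
    return name, raw16[15], SUFFIXES.get(raw16[15], "unknown/other")


def make_name(device: str, suffix: int) -> bytes:
    """Build the 16-byte form: name upper-cased, space-padded to 15, then suffix."""
    if not 0 < len(device) <= 15:
        raise ValueError("device name must be 1 to 15 characters")
    return device.upper().ljust(15).encode("ascii") + bytes([suffix])


if __name__ == "__main__":
    # Constructed sample: a host named FILESRV01 registering two services.
    for sfx in (0x00, 0x20):
        wire = encode_first_level(make_name("FILESRV01", sfx))
        print(wire, "->", parse_name(decode_first_level(wire)))
```

    A name that decodes with the 0x20 suffix means the host is advertising its file server service, which is useful when auditing which machines still have file and printer sharing enabled.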




    NetBIOS enumeration explained



    NetBIOS software runs on port 139 on the Windows operating system. The file and printer service needs to be enabled to enumerate NetBIOS on the Windows operating system.

    An attacker can do the following on the remote machine:


    1) Choose to read or write to a remote machine, depending on the availability of shares.
    2) Launch a Denial of Service (DoS) attack on the remote machine.
    3) Enumerate password policies on the remote machine.



    NetBIOS Enumeration Tools


    The following table lists tools for performing NetBIOS enumeration.

    Tool names and web links:

    1) Nbtstat - www.technet.microsoft.com

    2) Superscan - https://www.mcafe.com/in/downloads/free-tools/superscan.aspx

    3) Hyena - http://www.systemtools.com/hyena

    4) winfingerprint - http://packetstormsercurity.com/files/38356/winfingerprint-0.6.2.zip.html





    NetBIOS security controls 



    The following security controls help prevent NetBIOS enumeration attacks.

    # Minimize the attack surface by minimizing unnecessary services such as Server Message Block (SMB).


    # Remove file and printer sharing in Windows OS.




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. We do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

     