Operating System Hacking – NetBIOS

You can gather Windows information by poking around with NetBIOS (Network Basic Input/Output System) functions and programs. NetBIOS allows applications to make networking calls and communicate with other hosts within a LAN.

These Windows NetBIOS ports can be compromised if they’re not properly secured:

UDP ports for network browsing:

• Port 137 (NetBIOS name services)
• Port 138 (NetBIOS datagram services)

TCP ports for Server Message Block (SMB):

• Port 139 (NetBIOS session services)
• Port 445 (runs SMB over TCP/IP without NetBIOS)

Windows NT doesn’t support port 445.

Hacks

The following hacks can be carried out on unprotected systems running NetBIOS.

Unauthenticated enumeration

When you’re performing your unauthenticated tests, you can gather configuration information about the local or remote systems with either

  •  All-in-one assessment tools, such as LANguard Network Security Scanner.
  •  The nbtstat program that’s built into Windows (nbtstat stands for NetBIOS over TCP/IP Statistics). Figure 11-4 shows information that you can gather from a Windows Server 2003 system with a simple nbtstat query.

Figure 11-4: Using nbtstat to gather critical Windows information.

nbtstat shows the remote computer’s NetBIOS name table, which you gather by using the nbtstat -A command. This displays the following information:

  1.  Computer name
  2.  Domain name
  3.  Computer’s MAC address

You may even be able to glean the ID of the currently logged user from a Windows NT or Windows 2000 server.

A GUI utility such as LANguard Network Security Scanner isn’t necessary to gather this basic information from a Windows system. The graphical interface offered by commercial software such as this just presents its findings in a prettier fashion!
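To make concrete what an nbtstat -A query actually receives, the following Python example (added here; it is not code from the original article or from the nbtstat tool) builds a constructed NetBIOS node-status response of the kind a host sends back on UDP port 137, then parses it the way nbtstat does and pulls the computer name, domain or workgroup, logged-on user and MAC address out of the name table. The host name FILESRV01, the workgroup WORKGROUP, the user JSMITH and the MAC address are made-up sample values; the suffix meanings follow RFC 1001/1002 and Microsoft’s documented NetBIOS suffix list. Running it against your own hosts’ responses is a quick way to audit what they disclose to an unauthenticated query.

```python
import struct

# NetBIOS name suffixes (the 16th byte) and what they mean, per RFC 1001/1002 and
# Microsoft's documented suffix list. Key: (suffix, is_group_name).
SUFFIX_MEANING = {
    (0x00, False): "workstation service (computer name)",
    (0x00, True): "domain or workgroup name",
    (0x03, False): "messenger service (computer name or logged-on user)",
    (0x20, False): "file server service",
    (0x1B, False): "domain master browser",
    (0x1C, True): "domain controllers",
    (0x1D, False): "master browser",
    (0x1E, True): "browser service elections",
}

NBSTAT_RR_TYPE = 0x0021      # node status resource record type
FLAG_GROUP = 0x8000          # G bit in NAME_FLAGS: group name
FLAG_ACTIVE = 0x0400         # ACT bit in NAME_FLAGS: name is active

# Constructed sample: the name table a small file server might answer with.
SAMPLE_NAMES = [
    ("FILESRV01", 0x00, False),
    ("WORKGROUP", 0x00, True),
    ("FILESRV01", 0x20, False),
    ("FILESRV01", 0x03, False),
    ("JSMITH", 0x03, False),      # messenger name registered for the logged-on user
    ("WORKGROUP", 0x1E, True),
]
SAMPLE_MAC = bytes.fromhex("001122334455")   # constructed, not a real adapter


def build_node_status_response(names, mac, txid=0x1234):
    """Assemble a node-status (NBSTAT) response like a host sends in reply to nbtstat -A."""
    rdata = bytes([len(names)])
    for name, suffix, group in names:
        if len(name) > 15:
            raise ValueError("NetBIOS names are at most 15 characters")
        flags = FLAG_ACTIVE | (FLAG_GROUP if group else 0)
        rdata += name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)
    rdata += mac + bytes(40)     # STATISTICS block starts with UNIT_ID (the MAC address)
    # The answer name is the wildcard "*" name in first-level encoding: each nibble + 'A',
    # so 0x2A -> "CK" and the fifteen 0x00 pad bytes -> "AA" each, 32 characters total.
    encoded_name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)   # response flag, 1 answer
    rr = encoded_name + struct.pack(">HHIH", NBSTAT_RR_TYPE, 0x0001, 0, len(rdata))
    return header + rr + rdata


def parse_node_status_response(packet):
    """Return (name_entries, mac) from an NBSTAT response; entries are (name, suffix, group)."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    if not flags & 0x8000 or ancount != 1:
        raise ValueError("not a single-answer NBNS response")
    offset = 12
    while packet[offset] != 0:          # skip the encoded name labels
        offset += 1 + packet[offset]
    offset += 1
    rtype, _rclass, _ttl, rdlength = struct.unpack(">HHIH", packet[offset:offset + 10])
    offset += 10
    if rtype != NBSTAT_RR_TYPE:
        raise ValueError("answer is not a node status record")
    rdata = packet[offset:offset + rdlength]
    num_names = rdata[0]
    if len(rdata) < 1 + 18 * num_names + 6:
        raise ValueError("truncated node status record")
    entries = []
    pos = 1
    for _ in range(num_names):
        raw = rdata[pos:pos + 18]
        name = raw[:15].rstrip(b" ").decode("ascii", "replace")
        suffix = raw[15]
        name_flags = struct.unpack(">H", raw[16:18])[0]
        entries.append((name, suffix, bool(name_flags & FLAG_GROUP)))
        pos += 18
    return entries, rdata[pos:pos + 6]


def summarize(entries, mac):
    """Derive the items the article lists (computer, domain, MAC) plus the logged-on user."""
    info = {"mac": ":".join(f"{b:02X}" for b in mac)}
    for name, suffix, group in entries:
        if suffix == 0x00:
            info["domain" if group else "computer"] = name
    # A unique <03> name that differs from the computer name is the messenger
    # registration for the interactively logged-on user.
    for name, suffix, group in entries:
        if suffix == 0x03 and not group and name != info.get("computer"):
            info["user"] = name
    return info


def audit_sample():
    """Round-trip the constructed sample and return the summary dict."""
    entries, mac = parse_node_status_response(build_node_status_response(SAMPLE_NAMES, SAMPLE_MAC))
    return summarize(entries, mac)


if __name__ == "__main__":
    entries, mac = parse_node_status_response(build_node_status_response(SAMPLE_NAMES, SAMPLE_MAC))
    for name, suffix, group in entries:
        meaning = SUFFIX_MEANING.get((suffix, group), "unknown")
        print(f"{name:<15} <{suffix:02X}> {'GROUP ' if group else 'UNIQUE'} {meaning}")
    print(summarize(entries, mac))
```

The user name is recovered purely from the name table: a unique <03> (messenger) entry that does not match the computer name. That is the same signal nbtstat relies on, which is why a workstation with a logged-on user leaks that account name to anyone who can reach UDP 137.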

Shares

Windows uses network shares to share out certain folders or drives on the system so other users can access them across the network. Shares are easy to set up and work very well. However, they’re often misconfigured, allowing hackers and other unauthorized users to access information they shouldn’t be able to get to. You can search for Windows network shares by using the Legion tool. This tool scans an entire range of IP addresses looking for Windows shares. It uses the SMB protocol (TCP port 139) to discover these shares and displays them in a nice graphical fashion sorted by IP address.

Figure: Using Legion to scan your network for Windows shares.

The shares are just what hackers are looking for — especially because the share names give hackers a hint at what type of files might be available if they connect to the shares. After hackers discover these shares, they’re likely to dig a little further to see if they can browse the files and more within the shares.

Countermeasures

You can implement the following security countermeasures to minimize NetBIOS attacks on your Windows systems.

Limit traffic

You can protect your Windows systems from NetBIOS attacks by using some basic network infrastructure protection systems as well as some general Windows security best practices:


  • If possible, the best way to protect Windows-based systems from NetBIOS attacks is to put them behind a firewall. A firewall isn’t always effective, though: if the attack comes from inside the network, a network-perimeter-based firewall won’t help.
  • If a perimeter-based firewall won’t suffice, you can protect your Windows hosts by either
    • Installing a personal firewall such as BlackICE. This is the simplest and most secure method of protecting a Windows system from NetBIOS attacks.
    • Disabling NetBIOS on your systems. This often requires disabling Windows file and printer sharing — which may not be practical in a network mixed with Windows 2000, NT, and even Windows 9x systems that rely on NetBIOS for file and printer sharing.

Hidden shares — those with a dollar sign ($) appended to the end of the share name — don’t really help hide the share name. Hackers found out long ago that they can easily get around this form of security by obscurity by using the right methods and tools.

Passwords

If NetBIOS network shares are necessary, make strong passwords mandatory.

With the proper tools, hackers can easily crack NetBIOS passwords across the network. NetBIOS passwords aren’t case-sensitive, so they can be cracked more easily than case-sensitive passwords that require both uppercase and lowercase letters.

Windows uses remote procedure call (RPC) and DCE internal protocols to

  •  Communicate with applications and other OSs.
  •  Execute code remotely over a network.

RPC in Windows uses TCP port 135.

RPC exploits can be carried out against a Windows host — perhaps the best-known being the Blaster worm that reared its ugly head after a flaw was found in the Windows RPC implementation.
