Title:      |||| Using NetBIOS ||||

Date:       June 25, 1998
Author:     rootwurm


The other day I was talking to a friend and I said something like "yeah, I got in through
NetBIOS." He just looked at me like I was nuts.

The fact is, most people either don't care or don't know about the fun you can have with

Another fact is that NetBIOS runs on TCP port 139, and if you know ANYTHING about computers
you know that's the port the OOB (WinNuke) attack hit. Micro$oft did an awesome OOB patch that

Well, actually, I think that was the first patch... newer versions actually fixed the problem and
left 139 open.

OK, here's a quick rundown on what NetBIOS is. (Note: I'm just telling
you this from memory, so some facts are probably a little off; look
elsewhere for an in-depth, technical explanation.)

NetBIOS is what lets Windows 95 (l)users share files and printers over a network.
People usually say NetBIOS is non-routable, meaning it can't "find its way" around
the internet, but that's really a property of NetBEUI, the original transport
underneath it: NetBEUI has no network-layer addressing, which is why it's fast on
a LAN (less overhead than TCP/IP) and also why it can't cross a router. NetBIOS
over TCP/IP (NBT, RFC 1001/1002) rides on plain IP and routes just fine; that is
the only reason anything below works against a machine out on the internet.

NBT uses three ports: UDP 137 for the name service (that's where nbtstat gets
the hostname and the name table from), UDP 138 for datagrams (browse
announcements), and TCP 139 for the session service, the actual connection
your shares travel over. Port 113 is ident and has nothing to do with NetBIOS.

Most Windows boxes ARE running NetBIOS, and a quick way to find out is to ask
one for its NetBIOS status with nbtstat. To do that, simply take its hostname
or IP address (we'll use (my current ip address) for example).

Before you can use nbtstat, you have to make sure your computer is set up
for NetBIOS over TCP/IP. Don't worry: setting your computer up to use NetBIOS
does not by itself make you vulnerable to this 'attack'. You only become
vulnerable when you're sharing files (File and Printer Sharing turned on);
I'll talk more about this later.

To verify that you are set up to use NetBIOS, click on Start > Settings >
Control Panel and double-click the 'Network' icon. You should see a
list of installed adapters, protocols and clients. TCP/IP
will be one of them (you couldn't be on the internet without it) and
most likely Client for Microsoft Networks is another; those two, with the
client bound to TCP/IP, are what actually carry the nbtstat and \\name traffic
below. Check that NetBEUI is installed too, and if it isn't, click Add >
Protocol > Microsoft > NetBEUI. Just know that NetBEUI only matters on your
own LAN: it doesn't route, so against a box out on the internet it's TCP/IP
doing all the work.

Good old WindowsRestart(tm) will ask you for the 95 CD and then say
"You changed something! Oh my god! I'm going to have to completely reset
all my settings!! Reboot me! Reboot me!" (or something similar to that).

After you've rebooted, double-click My Computer and then double-click Dial-Up Networking.
Click once on your dial-up networking connection, then click File > Properties.

Click on the Server Types tab and make sure "Log on to network" is checked.

Once you've made sure all that's right, connect to the net.

Now, in the Run box (on the Start menu in Win95) type:

	nbtstat -A <ip address>     (if you have the numerical IP)

	nbtstat -a <hostname>       (if you don't feel like resolving it yourself)

That should come back with a table of names in a 'DOS' box. If it says "Host not found."
then nothing answered on UDP 137: the box is off, isn't running NetBIOS over TCP/IP
(so no Win95 file sharing stack to talk to), or somebody is filtering the port. By itself
that does NOT tell you whether they're sharing files. What tells you that is the name
table: a UNIQUE entry with suffix <20> means the File Server Service is running, which
is the thing that offers shares. A UNIQUE <00> is the machine name, a GROUP <00> is its
workgroup, and you get the MAC address at the bottom for free.

Otherwise, it comes back with some names. The names change from computer to
computer because everyone names their computer something different. Mine's named JENNY (Jenny
is this chick who lives right down the street, and she is GOD!), so we'll use mine for an example.
If you want to find out what your computer is named, or change it, go to Control Panel >
Network > Identification.
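Here is what nbtstat is actually doing on the wire, as an added example (my code, not rootwurm's): it builds the NODE STATUS REQUEST for the wildcard name "*" that goes to UDP 137, and parses the NODE STATUS RESPONSE name table to pull out the machine name, workgroup, MAC and whether a <20> (File Server Service) entry is present. The response bytes it parses offline are constructed by hand for a fictional box called JENNY in WORKGROUP with a made-up MAC; the live `node_status()` query is only used if you pass an IP on the command line.

```python
"""NetBIOS Name Service node-status client (what `nbtstat -A <ip>` does on the wire).

Added example for this article, not the author's code.  SAMPLE_RESPONSE is a
constructed name table for a fictional Win95 host JENNY in workgroup WORKGROUP.
"""
import socket
import struct

NBNS_PORT = 137                      # UDP name service; TCP 139 is the session service
NBSTAT, IN_CLASS = 0x0021, 0x0001    # QTYPE NBSTAT, class IN (RFC 1002)
FLAG_RESPONSE = FLAG_GROUP = 0x8000  # top bit of header flags / of NAME_FLAGS

SERVICE = {                          # (suffix, is_group) -> what that name-table entry means
    (0x00, False): "Workstation Service (machine name)",
    (0x00, True):  "Domain / workgroup name",
    (0x03, False): "Messenger Service",
    (0x20, False): "File Server Service (shares offered)",
    (0x1B, False): "Domain Master Browser",
    (0x1C, True):  "Domain Controllers",
    (0x1D, False): "Master Browser",
    (0x1E, True):  "Browser Service Elections",
}

def encode_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding: 15-byte padded name + suffix byte, each byte split into
    two nibbles written as 'A'+nibble.  '*' is padded with NULs, real names with spaces."""
    pad = b"\x00" if name == "*" else b" "
    raw = name.encode("latin-1").ljust(15, pad) + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + enc + b"\x00"   # label length 32, the 32 chars, root terminator

def build_node_status_request(txid: int) -> bytes:
    header = struct.pack(">6H", txid, 0x0000, 1, 0, 0, 0)   # 1 question, no flags set
    return header + encode_name("*") + struct.pack(">HH", NBSTAT, IN_CLASS)

def build_node_status_response(txid: int, names, mac: bytes) -> bytes:
    """names: iterable of (name, suffix, is_group).  Used to construct sample data;
    a real node also fills the 40-byte statistics block that follows the MAC."""
    table = b"".join(n.encode("latin-1").ljust(15, b" ") + bytes([sfx])
                     + struct.pack(">H", FLAG_GROUP if grp else 0) for n, sfx, grp in names)
    rdata = bytes([len(names)]) + table + mac + b"\x00" * 40
    header = struct.pack(">6H", txid, 0x8400, 0, 1, 0, 0)   # response, authoritative, 1 answer
    rr = encode_name("*") + struct.pack(">HHIH", NBSTAT, IN_CLASS, 0, len(rdata))
    return header + rr + rdata

def parse_node_status_response(data: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">6H", data[:12])
    if not (flags & FLAG_RESPONSE) or an < 1:
        raise ValueError("not a node status response")
    off = 12
    if (data[off] & 0xC0) == 0xC0:          # compression pointer back to the question name
        off += 2
    else:                                   # length-prefixed labels ending in a zero byte
        while data[off]:
            off += data[off] + 1
        off += 1
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT or rdlen > len(data) - off:
        raise ValueError("malformed answer record")
    count, off = data[off], off + 1
    names = []
    for _ in range(count):                  # 18 bytes per entry: 15 name, 1 suffix, 2 flags
        raw, sfx = data[off:off + 15], data[off + 15]
        grp = bool(struct.unpack(">H", data[off + 16:off + 18])[0] & FLAG_GROUP)
        names.append({"name": raw.rstrip(b" \x00").decode("latin-1"), "suffix": sfx,
                      "group": grp, "service": SERVICE.get((sfx, grp), "?")})
        off += 18
    mac = ":".join(f"{b:02x}" for b in data[off:off + 6])   # unit ID = adapter MAC
    return {"txid": txid, "names": names, "mac": mac}

def summarize(parsed: dict) -> dict:
    """Who it is, what workgroup, and whether <20> is up (no <20> means no shares)."""
    ns = parsed["names"]
    def pick(sfx, grp):
        return next((n["name"] for n in ns if n["suffix"] == sfx and n["group"] == grp), None)
    return {"host": pick(0x00, False), "workgroup": pick(0x00, True),
            "file_sharing": any(n["suffix"] == 0x20 and not n["group"] for n in ns),
            "mac": parsed["mac"]}

def node_status(host: str, timeout: float = 2.0) -> dict:
    """Live query.  A timeout here is what nbtstat reports as 'Host not found'."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(txid), (host, NBNS_PORT))
        data, _ = s.recvfrom(2048)
    parsed = parse_node_status_response(data)
    if parsed["txid"] != txid:
        raise ValueError("transaction id mismatch")
    return parsed

# Constructed sample: the table a sharing Win95 box named JENNY would hand back.
SAMPLE_NAMES = [("JENNY", 0x00, False), ("WORKGROUP", 0x00, True),
                ("JENNY", 0x03, False), ("JENNY", 0x20, False), ("WORKGROUP", 0x1E, True)]
SAMPLE_RESPONSE = build_node_status_response(0x1234, SAMPLE_NAMES, bytes.fromhex("0000e8a1b2c3"))

if __name__ == "__main__":
    import sys
    res = node_status(sys.argv[1]) if len(sys.argv) > 1 else parse_node_status_response(SAMPLE_RESPONSE)
    for n in res["names"]:
        print(f"{n['name']:<15} <{n['suffix']:02X}>  {'GROUP ' if n['group'] else 'UNIQUE'}  {n['service']}")
    print(summarize(res))
```

Run it with no argument to see the constructed JENNY table laid out the way nbtstat prints it; with an IP it sends the real query. The point of `summarize()` is the <20> check: a box that answers on 137 but has no UNIQUE <20> entry is not running the File Server Service, so there is nothing to browse on 139 no matter what the lmhosts tricks below do.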

Now, in the Run box, type

	notepad c:\windows\lmhosts.

lmhosts DOES NOT HAVE AN EXTENSION BUT IT HAS A PERIOD! (The trailing period is what
stops Notepad from tacking .txt onto the name.) It will ask you to create the file the
first time; just click YEP.

Now, in lmhosts, put the target's IP address, some whitespace, and then the name,
all on one line with nothing else on that line:

	<ip address>   JENNY

That maps the NetBIOS name JENNY to the IP you got the status from, so anything you
type as \\JENNY goes to that box. There's a commented sample of the full format in
c:\windows\lmhosts.sam.

Now save it, and in the Run box type

	\\JENNY

Be sure you get the right slashes; it makes ALL the difference. The leading \\ is the
UNC prefix that means "this is a machine on the network"; Windows paths use backslashes,
and forward slashes won't do it.

Now, if they are offering stuff, you should get a window much like when you double-click your
hard drive. Browse at will.

If you get "Please enter a password to make connection \\JENNY\IPC$" then the box refused
your anonymous connection to its IPC$ pipe share, which is what the browse has to go through
first. That usually means it wants real credentials before it'll even let you enumerate
(typically NT, or Win95 running user-level access control) rather than a share-level Win95
box with open shares. Sorry, but you're s.o.l.; move on to your next victim.

If you don't get a window or anything, you can also try typing this in the Run box:

	net view \\jenny

It will either show you the shares being offered or tell you that the computer is not
accepting requests. If it lists some shared resources, try typing

	\\jenny\resource

in the Run box (where 'resource' is whatever is being shared).

Sometimes it will ask you for a password, and most of the time just hitting Enter will work.

Some other things you can try are just 'ping jenny' or 'telnet jenny', etc. The stack
will look for 'jenny' in your hosts file and on your DNS server, and if it doesn't
resolve there it falls back to NetBIOS name resolution, which is where lmhosts gets checked.
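Since the lmhosts step above only shows a single hand-typed entry, here is a parser for the actual LMHOSTS format (IP, name, and the #PRE / #DOM: keywords from lmhosts.sam), as an added example of my own rather than anything from the original text. It validates what a real entry needs (a parseable IPv4 address, a NetBIOS name of 1 to 15 characters, quoted names with an explicit \0xNN suffix byte) and does the same top-down first-match lookup the resolver does. The sample file contents, addresses and names (JENNY, NTSRV, HOMENET, PRINTBOX) are constructed for the example.

```python
"""Parser for the LMHOSTS file format (the file the Run-box steps create at
c:\\windows\\lmhosts).  Added example, not part of the original article.

Entry: "<ip>  <name> [#PRE] [#DOM:<domain>] [# comment]"
  #PRE        preload into the NetBIOS name cache at boot, so it wins over
              WINS/broadcast lookups (handy to know when checking a box for tampering)
  #DOM:name   the host is a domain controller for <name>
Lines starting with # are comments or directives (#INCLUDE etc.) and are skipped.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class LmhostsEntry:
    ip: str
    name: str                # upper-cased, 1..15 characters
    preload: bool
    domain: Optional[str]
    line_no: int

# A quoted name may carry trailing spaces and a \0xNN 16th (suffix) byte,
# e.g. "NTSRV          \0x1b".  We keep only the 15-character body.
_QUOTED = re.compile(r'"((?:[^"\\]|\\0x[0-9A-Fa-f]{2})*)"')

def _parse_name(field: str, line_no: int) -> str:
    m = _QUOTED.fullmatch(field)
    body = m.group(1) if m else field
    body = re.sub(r"\\0x[0-9A-Fa-f]{2}", "", body).rstrip(" ")   # drop explicit suffix byte
    if not body or len(body) > 15:
        raise ValueError(f"line {line_no}: bad NetBIOS name {field!r} (1-15 characters)")
    return body.upper()

def parse_lmhosts(text: str) -> List[LmhostsEntry]:
    entries: List[LmhostsEntry] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected '<ip> <name>'")
        ip = str(ipaddress.IPv4Address(parts[0]))      # raises ValueError on junk
        rest = parts[1]
        if rest.startswith('"'):                       # quoted name, may contain spaces
            end = rest.find('"', 1)
            if end < 0:
                raise ValueError(f"line {n}: unterminated quoted name")
            name_field, rest = rest[:end + 1], rest[end + 1:]
        else:
            bits = rest.split(None, 1)
            name_field, rest = bits[0], (bits[1] if len(bits) > 1 else "")
        name = _parse_name(name_field, n)
        preload, domain = False, None
        for tok in rest.split():                       # keywords are documented in upper case
            if tok.upper() == "#PRE":
                preload = True
            elif tok.upper().startswith("#DOM:"):
                domain = tok[5:].upper() or None
            elif tok.startswith("#"):
                break                                  # ordinary comment: ignore rest of line
            else:
                raise ValueError(f"line {n}: unexpected token {tok!r}")
        entries.append(LmhostsEntry(ip, name, preload, domain, n))
    return entries

def resolve(entries: List[LmhostsEntry], name: str) -> Optional[str]:
    """Case-insensitive lookup; the first matching line wins, as in the real resolver."""
    target = name.upper()
    return next((e.ip for e in entries if e.name == target), None)

def preloaded(entries: List[LmhostsEntry]) -> List[LmhostsEntry]:
    """Entries that would sit in the name cache from boot (#PRE)."""
    return [e for e in entries if e.preload]

# Constructed sample lmhosts, using the article's JENNY plus two made-up hosts.
SAMPLE_LMHOSTS = """\
# constructed sample lmhosts for the walkthrough
192.0.2.45      JENNY                    #PRE
192.0.2.7       "NTSRV          \\0x1b"   #PRE #DOM:HOMENET
192.0.2.99      printbox                 # old print server, not preloaded
"""

if __name__ == "__main__":
    for e in parse_lmhosts(SAMPLE_LMHOSTS):
        print(e)
    print("JENNY ->", resolve(parse_lmhosts(SAMPLE_LMHOSTS), "jenny"))
```

The same parser is useful from the defensive side: anything you find in a machine's lmhosts with #PRE is a name the box will trust before it asks WINS or broadcasts, so an unexpected #PRE entry pointing a server name at a strange IP is worth a close look.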

Blah, that was confusing, I know, but if I didn't make sense on something, then EMAIL ME, goddamn
it! You'll never learn if you don't ask! I won't bite you... well, at least I promise not
to draw blood :-)

NOTE:  Messing with NetBIOS isn't as fun as it used to be because Microsoft
       disables it by default now. In Win95A it was enabled by default, sharing
       all drives with no password (if NetBEUI is installed on the remote machine,
       which most ISPs' 'install' disks will put on). Usually you have to
       target large corporate networks that aren't technically literate (schools
       are a great place to start).

       I'm currently looking into writing a 'backdoor' proggie that will share a
       user's drive but not change the icon. I've already found the registry
       entry; I just need to work out a few more kinks. It'll probably be a while
       before I get around to making it.

rootwurm (



