NetBIOS (Network Basic Input/Output System) is an API that allows applications on a local area network (LAN) to communicate with other computers and share files or other resources. In general, NetBIOS is active by default, since it is an integrated component of the system. Its main use is directory sharing: together with SMB, it lets two computers send and receive files.
In a NetBIOS network, computers receive several values that make them unique. Much of the data assigned to a PC relates to its services, configuration, and many other details. Because NetBIOS is so widely used, and because of the type of information it can reveal, it is a potential target. In this lesson, we are going to analyze the NetBIOS service and see what type of information we can get.
Enumerating NetBIOS services:
In this lab, we will configure two virtual machines: a Windows 7 (W7) machine as the victim (192.168.122.157/24) and our ubuntu-infosecaddicts machine as the local machine used to collect information.
Scanning with Nmap
sudo nmap -sS -O 192.168.122.157
We can see that port 139/tcp belongs to netbios-ssn. The standard ports for NetBIOS are UDP port 137 (name services), UDP port 138 (datagram services) and TCP port 139 (session services).
Now we can focus our analysis on port 139/tcp. Run the command:
sudo nmap -sS -O 192.168.122.157 -p139
As we can check, the W7 victim is running a NetBIOS service. The next step is to find out what type of services this machine is sharing.
Scanning with nbtscan
Once we detect the NetBIOS service, we need to obtain as many details as possible. To achieve this, we can use nbtscan, a program that scans networks for NetBIOS information.
sudo apt search nbtscan
sudo apt install nbtscan
With the -h option we can see the available options when executing the nbtscan command.
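nbtscan collects its information by sending a NetBIOS node status query to UDP port 137 (the name service port listed above) and decoding the name table in the reply. The following Python code is an added example, not part of the original lesson or of nbtscan's own code; it decodes such a reply offline to show exactly which fields a host discloses. The host name W7-LAB, the WORKGROUP name and the MAC address in build_sample() are constructed sample values.

```python
import struct

# Common NetBIOS name suffixes, keyed by (suffix byte, is_group_name).
SUFFIXES = {
    (0x00, False): "Workstation service (computer name)",
    (0x00, True): "Domain or workgroup name",
    (0x20, False): "File Server service",
}

def parse_node_status(buf):
    """Decode a node status (NBSTAT) reply into (name table, MAC string)."""
    try:
        _tid, flags, _qd, ancount = struct.unpack_from(">HHHH", buf, 0)
        if not flags & 0x8000 or ancount < 1:
            raise ValueError("not a response carrying an answer record")
        off = 12
        while buf[off]:  # skip the length-prefixed labels of RR_NAME
            off += 1 + buf[off]
        rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", buf, off + 1)
        off += 11  # null label + type, class, TTL, RDLENGTH
        count = buf[off]
        if rtype != 0x0021 or off + rdlen > len(buf) or 7 + 18 * count > rdlen:
            raise ValueError("not a complete NBSTAT record")
        off += 1
        names = []
        for _ in range(count):  # 18 bytes each: 15-byte name, suffix, flags
            raw, suffix, nflags = struct.unpack_from(">15sBH", buf, off)
            group = bool(nflags & 0x8000)  # G bit set: group name, else unique
            names.append((raw.decode("ascii", "replace").rstrip(), suffix, group,
                          SUFFIXES.get((suffix, group), "unknown")))
            off += 18
        mac = ":".join(f"{b:02x}" for b in buf[off:off + 6])
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated NBSTAT reply") from exc
    return names, mac

def build_sample():
    """Constructed reply for illustration, not captured from the lab host."""
    table = [(b"W7-LAB", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
             (b"W7-LAB", 0x20, 0x0400)]
    rdata = bytes([len(table)]) + b"".join(
        struct.pack(">15sBH", n.ljust(15), s, f) for n, s, f in table)
    rdata += bytes.fromhex("525400aabbcc") + bytes(40)  # MAC + zeroed statistics
    return (struct.pack(">HHHHHH", 1, 0x8400, 0, 1, 0, 0)
            + b"\x20" + b"CK" + b"A" * 30 + b"\x00"  # encoded wildcard name "*"
            + struct.pack(">HHIH", 0x0021, 1, 0, len(rdata)) + rdata)

if __name__ == "__main__":
    print(*parse_node_status(build_sample()), sep="\n")
```

A name with suffix 0x20 means the File Server service is registered, which is the entry to look for when auditing which hosts on a segment offer shares.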