Tools:
Windows target and attacker(i don”t know if this attack work on Linux or other os)

First we need to choose a target we will consider our target to be a friend from the same LAN who own BOX666

Step 1:
open cmd
start->run->cmd->enter

Step 2:
Now we need to gather info about our target BOX666 to do this we will do a net view command

c:>net view

We do this to see all computers from our LAN

Without scanning the host for open ports we can see if our target is vulnerable to NetBIOS attack and have Printer and Files Sharing activate. We use the nbtstat command. but we need the ip address not the box name so we will ping our target

c:>ping BOX666

After the pinging process end we have our target ip let’s say 1.1.1.1

Now we can use nbtstat command

c:>nbtstat -A 1.1.1.1

Now we get a list of some starnge data all what we are looking for is this:

<20>

This is a hex number who tell us that the BOX666 is vulnerable. Now we need to connect to target but if we connect what we can take. To gather information about shared files on BOX666 we use net view command

c:>net view 1.1.1.1

Now we have a list of shared files. Sometimes stupid users share a full partition or all partitions even the one where Windows is installed >:)

Step 3:
Now let”s connect using net use command

c:\>net use x: \\1.1.1.1shared_item

With this command we have created an network driver. To download data, upload data you can use cmd or windows explorer(recommended)

Step 4:
After you have done your job close the connection by using net use command

c:>net use x: /d

Now the network driver is gone

Congrats now you know how to do a NetBIOS Attack.

1. nmap – Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.

2. Nikto – Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

3. THC-Amap – Amap is a next-generation tool for assistingnetwork penetration testing. It performs fast and reliable application protocol detection, independant on the TCP/UDP port they are being bound to.

4. Ethereal – Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

5. THC-Hydra – Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

6. Metasploit Framework – The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

7. John the Ripper – John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

8. Nessus – Nessus is the world’s most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world’s largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

9. IRPAS – Internetwork Routing Protocol Attack Suite – Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP. While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication.

10. Rainbowcrack – RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.