Jump to content

NetBios - "Host on found"


Masquerade

Recommended Posts

Hey everyone.

Im trying to get access on a computer via NetBIOS.

I successfully got the IP adress. I can also send a ping to this computer:

(X stand for the IP adress)

benjamin@moser-linux:~$ ping XX.XXX.XXX.XXX

PING 84.157.109.236 (84.157.109.236) 56(84) bytes of data.
64 bytes from 84.157.109.236: icmp_seq=1 ttl=59 time=381 ms
64 bytes from 84.157.109.236: icmp_seq=2 ttl=59 time=370 ms
64 bytes from 84.157.109.236: icmp_seq=3 ttl=59 time=376 ms

and so on and so on...

So when i execute "nbtstat -a XX.XXX.XXX.XXX", it says 'host not found - system error'.

Resulting of the successful ping, i guess that the computer is online. Data and Printer Sharing is also enabled, but nbtstat seems not to be possible. Can someone help me with that?

Thanks!

benny

Link to comment
Share on other sites

I thought nbtstat was only going to tell you statistics about already connected machines on your network??

Is netbios protocol even enabled on the target machine? Do you know for a fact that its running? A ping does nothing other than telling you the device is online. It does nothing to confirm Netbios is even enabled. If nbtstat says it can't find it, then it can't find a machine with netbios running at that address (Your command using -a should have been -A for IP addresses. At least, under windows it is. Not sure what the command switches are for linux).

Do you have samba running on linux?

Its not just a matter of having file sharing enabled on your end. The service must be running as well as allowed under TCP/IP Settings, plus make sure the firewall is not blocking the ports 135,137-139 and 445 on the targetted machine.(as well as yours). Is the target machine even windows?

BTW, you didn't exactly hide the ip address with your xx.xxx.xxx.xxx

84.157.109.236 was in the post if you didn't notice. (I assume you are not conecting to one of your own machines) It's a machine in Germany. Where do you live? Chances are someone is behind a router running NAT and it will most likely stop you right there in trying to connect over netbios. If it were directly connected to the internet and the ISP's aren't blocking any netbios ports, and the machine is set up for netbios, you might be able to see the targetted machine over the internet, but you would most likely need to be on the same LAN to see it.

For linux help, you can try the samba handbook: http://us1.samba.org/samba/docs/man/Samba-....html#id2545275

and nmblookup man file: http://gd.tuwien.ac.at/linuxcommand.org/ma...nmblookup1.html

I think you can try the nmblookup command to see if the netbios server is running on the targeted machine.

Link to comment
Share on other sites

I thought it could be used only on a LAN.

Thats what I thought too but I'm not 100% sure about that. Hackers seem to be breaking into windows machines all the time over ports 135 and 137-139 from the internet.

Link to comment
Share on other sites

I sent the ping from a Linux Machine, because i didnt want to boot Windows just to do this. Samba is not running on my Linux System. Im doing the actual work on a Windows OS, the target machine is a dell also with Windows XP.

Unfortunately i am not really familiar with security&hacking, in fact i am a total newbie and trying to get into this. I followed an explanation where is said that you can get access to a computers Hard Drive via NetBIOS using the mentioned ports.

Google Doc // Direct Link

The target computer is part of an intranet. This means, it connects to the internet over a server. Im living in south Germany, yes.

If the NetBIOS way is in fact not usable for this reason; you could tell me any other ways to get access on the hard drive, either over the internet or over a guest account on the target machine.

Link to comment
Share on other sites

You can't edit the topics, just posts, Ask a forum mod to correct it for you.

As for Netbios, do you even know if the target machine has netbios running as well as windows networking and file sharing? Even then, they may not have simple file sharing turned on. You would then need a password to access the share. (It will prompt you for the password if you are able to reach it)

If the machine is not set up for netbios shares, you can't connect to it through netbios anyway. Especially if the ports are blocked by a firewall.

You need to do more digging into the target system to see what ports are open, services are running, what service pack(if possible) and what patches haven't been updated. Then you can try something like metasploit and hope the user will click on something you send them or lure them to some web page to exploit a flaw in their system(if you even know what holes they have in their system).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...