ArkNinja (posted August 13, 2009):

Hello all, I was looking into NetBIOS hacking, and attempted to do it on an XP box, and I successfully connected to it, and I had full Samba control. Now I am wondering how this could do any damage, because as far as I could tell, you cannot execute programs with Samba, so it is essentially like FTP. I was thinking you could maybe add something to the start-up folder in the Start Menu and have it execute something on system start-up, like spawning a shell or VNC access. I was wondering what all of your views on this are.

./Ark

corcrash (posted August 13, 2009):

Well if u have access to the file system, u could download pwd files, upload backdoors... And now just imagine what else...

WhollyMindless (posted August 13, 2009):

It's not really "hacking" if you're connecting to a publicly available service. I guess if they're dumb enough to give you write access to their startup directory but it's hardly a "bitchen hack".

Brian Sierakowski (posted August 13, 2009):

> Hello all, I was looking into NetBIOS hacking, and attempted to do it on an XP box, and I successfully connected to it, and I had full Samba control. Now I am wondering how this could do any damage, because as far as I could tell, you cannot execute programs with Samba, so it is essentially like FTP. I was thinking you could maybe add something to the start-up folder in the Start Menu and have it execute something on system start-up, like spawning a shell or VNC access. I was wondering what all of your views on this are.
>
> ./Ark

You might find this interesting: http://www.tazforum.thetazzone.com/viewtopic.php?t=3613

ArkNinja (posted August 13, 2009):

You would be surprised how many systems are compromised by this; you can upload/download files to the computer without the knowledge of the computer operator/owner. The only issue with it from a hacker's perspective is that Microsoft (for once) made it secure by not allowing programs to be executed from within the Samba command line. What I did to see the potential of this is to upload a Windows shortcut file to the C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder and upload a backdoor to the drive, and I pointed the shortcut to the backdoor so that on system startup it starts the backdoor. This means I have actual access to the machine, not just read/write access.

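The defender's side of the post above, as an added example that is not part of the thread: flagging remote writes into a Startup folder over a file share. It assumes the host logs Security event 5145 (detailed file share auditing, which Windows XP itself does not produce) and that events are already parsed into dicts; the function names and the sample events are constructed for illustration.

```python
import re

# A file written directly into a "Start Menu\Programs\Startup" folder,
# with the path given relative to the share root (as in event 5145).
STARTUP_RE = re.compile(
    r"(?:^|\\)Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE
)
# File access-mask bits: WriteData/AddFile (0x2) and AppendData (0x4).
WRITE_BITS = 0x2 | 0x4


def is_startup_write(event):
    """True if a 5145 event shows write access to a file in a Startup folder."""
    if event.get("EventID") != 5145:
        return False
    mask = int(event.get("AccessMask", "0x0"), 16)
    if not mask & WRITE_BITS:
        return False  # read-only access to the folder is not persistence
    return bool(STARTUP_RE.search(event.get("RelativeTargetName", "")))


def startup_write_alerts(events):
    """Return one alert dict per remote write into a Startup folder."""
    return [
        {"source": ev["IpAddress"], "user": ev["SubjectUserName"],
         "share": ev["ShareName"], "path": ev["RelativeTargetName"]}
        for ev in events if is_startup_write(ev)
    ]


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 5145, "IpAddress": "192.0.2.10", "SubjectUserName": "alice",
     "ShareName": r"\\*\Public", "AccessMask": "0x1",
     "RelativeTargetName": r"docs\report.doc"},
    {"EventID": 5145, "IpAddress": "192.0.2.15", "SubjectUserName": "guest",
     "ShareName": r"\\*\C$", "AccessMask": "0x2", "RelativeTargetName":
     r"Documents and Settings\All Users\Start Menu\Programs\Startup\update.lnk"},
    {"EventID": 5145, "IpAddress": "192.0.2.15", "SubjectUserName": "guest",
     "ShareName": r"\\*\C$", "AccessMask": "0x1", "RelativeTargetName":
     r"Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini"},
    {"EventID": 5145, "IpAddress": "192.0.2.20", "SubjectUserName": "bob",
     "ShareName": r"\\*\C$", "AccessMask": "0x6", "RelativeTargetName":
     r"ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\helper.lnk"},
]

if __name__ == "__main__":
    for alert in startup_write_alerts(SAMPLE_EVENTS):
        print("remote write to Startup folder:", alert)
```
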
Brian Sierakowski (posted August 13, 2009):

> You would be surprised how many systems are compromised by this; you can upload/download files to the computer without the knowledge of the computer operator/owner. The only issue with it from a hacker's perspective is that Microsoft (for once) made it secure by not allowing programs to be executed from within the Samba command line. What I did to see the potential of this is to upload a Windows shortcut file to the C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder and upload a backdoor to the drive, and I pointed the shortcut to the backdoor so that on system startup it starts the backdoor. This means I have actual access to the machine, not just read/write access.

Well, I don't think anyone in 2009 is surprised by a NetBIOS exploit, but I understand what you're saying :). One thing I've done to protect myself is to dual-home all of my machines, keeping a "local" VLAN and an "internet" VLAN; that way we can do file sharing and generally insecure things on our class A network, and just keep strictly TCP/IP on our class C network.

ArkNinja (posted August 13, 2009):

The thing is that this 'feature' is enabled by default on XP and lower as far as I can tell (maybe Vista too), so there is a plethora of available targets for this, although you really would need to be on their network for this exploit to work due to the fact that I doubt anyone has the NetBIOS port forwarded. Pineapple anyone?