NetBIOS Hacking

[ArkNinja]

Hello all,

I was looking into NetBIOS hacking, and attempted to do it on an XP Box, and I was successful to connect to it, and I had full samba control. Now I am wonder how this could do any damage, because as far as I could tell, you cannot execute programs with samba, so it is essentially like FTP. I was thinking you could maybe add something to the start-up folder in the Start Menu and have it execute something on system start up like spawning a shell or VNC access. I was wondering what all of your views on this.

./Ark

[corcrash]

Well if u have access to the file system, u could download pwd files, upload backdoors... And now just imagine what else...

[WhollyMindless]

It's not really "hacking" if you're connecting to a publicly available service. I guess if they're dumb enough to give you write access to their startup directory but it's hardly a "bitchen hack".

[Brian Sierakowski]

Hello all,

I was looking into NetBIOS hacking, and attempted to do it on an XP Box, and I was successful to connect to it, and I had full samba control. Now I am wonder how this could do any damage, because as far as I could tell, you cannot execute programs with samba, so it is essentially like FTP. I was thinking you could maybe add something to the start-up folder in the Start Menu and have it execute something on system start up like spawning a shell or VNC access. I was wondering what all of your views on this.

./Ark

You might find this interesting: http://www.tazforum.thetazzone.com/viewtopic.php?t=3613

[ArkNinja]

You would be surprised how many systems are compromised by this, you can upload/download files to the computer without knowledge of the computer operator/owner. The only issue with it from a hackers perspective is that Microsoft (for once) made it secure by not allowing programs to be executed from within the Samba command line. What I did to see the potential of this is to upload a Windows Shortcut file to the C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder and upload a backdoor to the drive and I pointed the shortcut to the backdoor so that on system startup it starts the backdoor. This means I have actual access to the machine, not just read/write access.

[Brian Sierakowski]

You would be surprised how many systems are compromised by this, you can upload/download files to the computer without knowledge of the computer operator/owner. The only issue with it from a hackers perspective is that Microsoft (for once) made it secure by not allowing programs to be executed from within the Samba command line. What I did to see the potential of this is to upload a Windows Shortcut file to the C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder and upload a backdoor to the drive and I pointed the shortcut to the backdoor so that on system startup it starts the backdoor. This means I have actual access to the machine, not just read/write access.

Well, I don't think anyone in 2009 is surprised by a netbios exploit, but I understand what you're saying :).

One thing I've done to protect myself is to dual home all of my machines, keeping a "local" VLAN and an "internet" VLAN, that way we can do file sharing and generally insecure things on our class A network, and just keep strictly TCP/IP on our class C network.

[ArkNinja]

The thing is that this 'feature' is enabled by default on XP and lower as far as I can tell (maybe Vista too), so there is a plethora of available targets for this, although you really would need to be on their network for this exploit to work due to the fact that I doubt anyone has the NetBIOS port forwarded. Pineapple anyone?