Lab Scenario
As a professional ethical hacker or penetration tester, your first step in the enumeration
of a Windows system is to exploit the NetBIOS API. NetBIOS enumeration allows you to
collect information about the target such as a list of computers that belong to a target
domain, shares on individual hosts in the target network, policies, passwords, etc. This
data can be used to probe the machines further for detailed information about the
network and host resources.
Lab Objectives
Perform NetBIOS enumeration using Windows command-line utilities
Perform NetBIOS enumeration using NetBIOS Enumerator
Perform NetBIOS enumeration using an NSE Script
Overview of NetBIOS Enumeration
NetBIOS stands for Network Basic Input Output System. Windows uses NetBIOS for file
and printer sharing. A NetBIOS name is a unique computer name assigned to Windows
systems, comprising a 16-character ASCII string that identifies the network device over
TCP/IP. The first 15 characters are used for the device name, and the 16th is reserved
for the service or name record type.
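The 15+1 name layout just described, as an added Python example that is not part of the lab manual: it builds a 16-byte NetBIOS name, maps the 16th byte to its well-known service type, and applies the half-ASCII encoding that the NetBIOS Name Service uses on the wire (RFC 1001). The host name WORKSTATION1 is a constructed sample value.

```python
# Added example (not from the lab manual): build and decode the 16-byte
# NetBIOS names described above. Sample host names below are constructed.

# Well-known values of the 16th byte (service / name record type).
SUFFIXES = {
    0x00: "Workstation Service",
    0x03: "Messenger Service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections",
    0x20: "File Server Service",
}


def make_netbios_name(name, suffix):
    """Upper-case the device name, pad it with spaces to 15 bytes, append the suffix byte."""
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    upper = name.upper().encode("ascii")
    if len(upper) > 15:
        raise ValueError("NetBIOS device names are at most 15 characters")
    return upper.ljust(15, b" ") + bytes([suffix])


def split_netbios_name(raw):
    """Return (device name, suffix, service description) for a 16-byte NetBIOS name."""
    if len(raw) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes")
    suffix = raw[15]
    return raw[:15].rstrip(b" ").decode("ascii"), suffix, SUFFIXES.get(suffix, "unknown")


def first_level_encode(raw):
    """RFC 1001 wire form: each nibble becomes the letter 'A' + nibble, so 16 bytes -> 32 chars."""
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def first_level_decode(encoded):
    """Reverse the nibble encoding back to the 16 raw bytes."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A-P")
    pairs = zip(encoded[0::2], encoded[1::2])
    return bytes(((ord(hi) - 0x41) << 4) | (ord(lo) - 0x41) for hi, lo in pairs)


if __name__ == "__main__":
    raw = make_netbios_name("WORKSTATION1", 0x20)          # constructed sample host
    print(raw, first_level_encode(raw))
    print(split_netbios_name(first_level_decode(first_level_encode(raw))))
    # The wildcard name '*' (0x2A then 15 NUL bytes) carried by a node-status request;
    # the string below is what it looks like in a packet capture of such a query.
    print(first_level_encode(b"*" + b"\x00" * 15))      # CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
```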
The NetBIOS service is easily targeted, as it is simple to exploit and runs on Windows
systems even when not in use. NetBIOS enumeration allows attackers to read or write to
a remote computer system (depending on the availability of shares) or launch a denial
of service (DoS) attack.
Task 1: Perform NetBIOS Enumeration using Windows Command-Line Utilities
Nbtstat helps in troubleshooting NetBIOS name resolution problems. The nbtstat
command removes and corrects preloaded entries using several case-sensitive
switches. Nbtstat can be used to enumerate information such as NetBIOS over TCP/IP
(NetBT) protocol statistics, NetBIOS name tables for both the local and remote
computers, and the NetBIOS name cache.
Net use connects a computer to, or disconnects it from, a shared resource. It also
displays information about computer connections.
Here, we will use the Nbtstat and Net use Windows command-line utilities to perform
NetBIOS enumeration on the target network.
We will use a Windows Server 2019 (10.10.10.19) machine to target a Windows
10 (10.10.10.10) machine.
1. Click Windows Server 2019 to switch to the Windows Server 2019 machine.
2. Click Ctrl+Alt+Delete to activate the machine. By default, the Administrator user
profile is selected; click Pa$$w0rd to paste the password in the Password field and
press Enter to log in.
Alternatively, you can click Pa$$w0rd under the Windows Server 2019 machine
thumbnail in the Resources pane, or click the Type Text | Type Password button
under the Commands (thunder icon) menu.
If the Networks screen appears, click Yes to allow your PC to be discoverable by other
PCs and devices on the network.
3. Open a Command Prompt window.