
  1. doberso
    NetBIOS (Network Basic Input/Output System)
    NetBIOS is a service which allows communication between applications, such as a printer or another computer, on an Ethernet or token ring network via a NetBIOS name.

    A NetBIOS name is a 16-digit-long character name assigned to a computer in the workgroup by WINS for name resolution of an IP address into a NetBIOS name.

    Workgroup VS Domain
    Workgroup: It is a peer-to-peer network for a maximum of 10 computers in the same LAN or subnet. It has no Centralized Administration, which means no computer has control over another computer. Each user controls the resources and security locally on their system.

    Domain: It is a client/server network for up to 2000 computers anywhere in the world. The administrator manages the domain and its users and resources. A user with an account on the domain can log onto any computer system, without having the account on that computer.

    NetBIOS provides three distinct services:

    Name service (NetBIOS-NS) for name registration and resolution via port 137.
    Datagram distribution service (NetBIOS-DGM) for connectionless communication via port 138.
    Session service (NetBIOS-SSN) for connection-oriented communication via port 139.

    Port  Protocol  Service
    135   TCP       MS-RPC endpoint mapper
    137   UDP       NetBIOS Name Service
    138   UDP       NetBIOS Datagram Service
    139   TCP       NetBIOS Session Service
    445   TCP       SMB Protocol

    Port 135: It is used for Microsoft Remote Procedure Call between client and server to listen to the query of the client. Basically, it is used for communication between client-client and server-client for sending messages.

    Port 137: the name service operates on UDP port 137. The name service primitives offered by NetBIOS are:

    Add name – registers a NetBIOS name.
    Add group name – registers a NetBIOS “group” name.
    Delete name – un-registers a NetBIOS name or group name.
    Find name – looks up a NetBIOS name on the network.

    Port 138: Datagram mode is connectionless; the application is responsible for error detection and recovery. In NBT, the datagram service runs on UDP port 138. The datagram service primitives offered by NetBIOS are:

    Send Datagram – send a datagram to a remote NetBIOS name.
    Send Broadcast Datagram – send a datagram to all NetBIOS names on the network.
    Receive Datagram – wait for a packet to arrive from a Send Datagram operation.
    Receive Broadcast Datagram – wait for a packet to arrive from a Send Broadcast Datagram operation.

    Port 139: Session mode lets two computers establish a connection, allows messages to span multiple packets, and provides error detection and recovery. In NBT, the session service runs on TCP port 139.

    The session service primitives offered by NetBIOS are:

    Call – opens a session to a remote NetBIOS name.
    Listen – listen for attempts to open a session to a NetBIOS name.
    Hang Up – close a session.
    Send – sends a packet to the computer on the other end of a session.
    Send No Ack – like Send, but doesn’t require an acknowledgment.
    Receive – wait for a packet to arrive from a Send on the other end of a session.

    Port 445: It is used for the SMB (Server Message Block) protocol for sharing files between different operating systems, i.e. Windows-Windows, Unix-Unix and Unix-Windows.

    For more details, read our previous articles given below:

    Penetration Testing in SMB Protocol using Metasploit
    4 Ways to Hack SMB Login Password
    4 ways to Connect Remote PC using SMB Port
    Hack Remote Windows PC using DLL Files (SMB Delivery Exploit)

    Scanning open port for NETBIOS Enumeration

    We are using nmap to scan the target network for open TCP and UDP ports and protocols.

    nmap -sT -sU 192.168.1.128

    From the given image you can see that from the result of the scan we found that port 137 is open for NetBIOS name services, and moreover we got the MAC address of the target system.
    2022-05-19 03:00 PM
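
Added example, not part of doberso's post: a small decoder for UDP 137 payloads that recovers the 16-byte NetBIOS name and labels the packet with the name-service primitive from the list above, the kind of check used when reviewing a capture for unexpected name registrations. It assumes the RFC 1001/1002 wire layout (12-byte header, first-level encoded name, opcodes 0, 5 and 6); the host name `FILESRV01` and the packets are constructed samples.

```python
import struct

# NBNS opcodes (RFC 1002) mapped onto the name-service primitives from the post.
PRIMITIVES = {0: "Find name", 5: "Add name", 6: "Delete name"}

def encode_name(name, suffix):
    """First-level encoding: 15 space-padded chars + 1 suffix byte -> 32 bytes 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(encoded):
    """Reverse the encoding; reject anything that is not 32 bytes in 'A'..'P'."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nbns(packet):
    """Parse the header and first question of a UDP/137 payload."""
    if len(packet) < 50:  # 12-byte header + 34-byte name field + type + class
        raise ValueError("truncated NBNS packet")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount < 1 or packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("unexpected question name layout")
    name, suffix = decode_name(packet[13:45])
    opcode = (flags >> 11) & 0x0F
    return {
        "txid": txid,
        "response": bool(flags & 0x8000),   # R bit
        "broadcast": bool(flags & 0x0010),  # B bit
        "primitive": PRIMITIVES.get(opcode, "other (opcode %d)" % opcode),
        "name": name,
        "suffix": suffix,                   # 16th byte of the name
    }

def build_sample(flags, name, suffix):
    """Constructed test packet: header + one NB/IN question (not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return (header + b"\x20" + encode_name(name, suffix) + b"\x00"
            + struct.pack("!HH", 0x0020, 1))

if __name__ == "__main__":
    for flags in (0x0110, 0x2910, 0x3010):  # query, registration, release
        print(parse_nbns(build_sample(flags, "FILESRV01", 0x20)))
```

"Add group name" uses the same registration opcode as "Add name"; the group flag sits in the resource record that follows the question, which this decoder does not read.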
