NetBIOS name enumeration

We are going to use the nbtscan tool to enumerate NetBIOS names; it is already pre-installed in Kali and BackTrack. NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form.

To install it in Ubuntu:

sudo apt-get install nbtscan

How to use it:

Scan just one machine:

nbtscan 192.168.2.15

You will get an answer like this:

Doing NBT name scan for addresses from 192.168.1.15
 
IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.1.15      GEORGE-XXXXXXXX  <server>  <unknown>        XX:XX:XX:XX:XX:XX

Scan a whole network:

nbtscan 192.168.2.0/24

You will get an answer like this:

Doing NBT name scan for addresses from 192.168.2.0/24
 
IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.2.0	Sendto failed: Permission denied
192.168.2.11     XXXXXXXXX                  <unknown>        XX:XX:XX:XX:XX:XX
192.168.2.15      GEORGE-YYYYYYYY  <server>  <unknown>        YY:YY:YY:YY:YY:YY
192.168.2.255	Sendto failed: Permission denied
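As an added example (not part of the original post and not nbtscan's own code), a small Python parser for the default table output shown above: it turns host lines into records, keeps the "Sendto failed" lines separate, and flags hosts advertising the server service that are missing from an approved inventory. The sample output, hostnames, MAC addresses and the approved-name set are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of nbtscan's default table output (not a real capture).
# The .0 and .255 lines show the "Sendto failed" error nbtscan prints when it
# tries the network and broadcast addresses of the range.
SAMPLE_OUTPUT = """\
Doing NBT name scan for addresses from 192.168.2.0/24

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.2.0\tSendto failed: Permission denied
192.168.2.11     WORKSTATION-11             <unknown>        00:11:22:33:44:55
192.168.2.15     FILESRV-15       <server>  <unknown>        00:11:22:33:44:66
192.168.2.20     LAB-PC           <server>  alice            00:11:22:33:44:77
192.168.2.255\tSendto failed: Permission denied
"""

@dataclass
class NbtHost:
    ip: str
    name: str
    server: bool          # True when the host advertised the <server> service
    user: Optional[str]   # None when nbtscan printed <unknown>
    mac: str

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.I)

def parse_nbtscan(text: str) -> Tuple[List[NbtHost], List[str]]:
    """Parse default nbtscan table output into host records plus error lines.
    Columns are fixed-width, so fields are separated by two or more spaces;
    splitting on such runs keeps single spaces inside NetBIOS names intact."""
    hosts, errors = [], []
    for line in text.splitlines():
        if "Sendto failed" in line:
            errors.append(line.replace("\t", " ").strip())
            continue
        fields = re.split(r" {2,}", line.strip())
        if len(fields) < 4 or not MAC_RE.match(fields[-1]):
            continue  # banner, column header, separator rule or blank line
        user = fields[-2]
        hosts.append(NbtHost(fields[0], fields[1], "<server>" in fields[2:-1],
                             None if user == "<unknown>" else user, fields[-1]))
    return hosts, errors

def unexpected_servers(hosts: List[NbtHost], approved_names) -> List[NbtHost]:
    """Hosts advertising the server service that are not in the approved inventory."""
    return [h for h in hosts if h.server and h.name not in approved_names]

if __name__ == "__main__":
    found, errs = parse_nbtscan(SAMPLE_OUTPUT)
    for h in unexpected_servers(found, {"FILESRV-15"}):
        print(f"unexpected server: {h.ip} {h.name} ({h.mac})")
    print("errors:", errs)
```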

Other arguments:

-v            Verbose output. Print all names received from each host.

-d            Dump packets. Print whole packet contents.

-e            Format output in /etc/hosts format.

-l            Format output in lmhosts format. Cannot be used with the -v, -s or -h options.

-t timeout    Wait timeout milliseconds for a response. Default 1000.

-b bandwidth  Output throttling. Slow down output so that it uses no more than bandwidth bps. Useful on slow links, so that outgoing queries don't get dropped.

-r            Use local port 137 for scans. Win95 boxes respond to this only. You need to be root to use this option on Unix.

-q            Suppress banners and error messages.

-s separator  Script-friendly output. Don't print column and record headers; separate fields with separator.

-h            Print human-readable names for services. Can only be used with the -v option.

-m retransmits  Number of retransmits. Default 0.

-f filename   Take IP addresses to scan from file filename.
