Tweet
NetBIOS is a unique 16 byte ASCII character string in place to identify network devices over TCP/IP. The first 15 bytes are used for the device name and the last byte is containing a character reserved for the service or name record type. An attacker can use this to list computers that belong to a Microsoft Windows domain, list shares of individual hosts, verify policies and passwords. This is an IPv4 only functionality meaning IPv6 does not support this.
Information is often collected using the Microsoft Windows build-in nbtstat utility that displays NetBIOS over TCP/IP statistics, NetBIOS name tables for local and remote hosts and the NetBIOS name cache.
| Name | NetBIOS Code | Type | Information |
| <hostname> | <00> | UNIQUE | Hostname |
| <domain> | <00> | GROUP | Domain Name |
| <hostname> | <03> | UNIQUE | Messenger service for host |
| <username> | <03> | UNIQUE | Messenger service for user |
| <hostname> | <20> | UNIQUE | Server service running |
| <domain> | <1D> | GROUP | Master browser name for subnet |
| <domain> | <1B> | UNIQUE | Domain master browser name (PDC) |
Information is often collected using the Microsoft Windows build-in nbtstat utility that displays NetBIOS over TCP/IP statistics, NetBIOS name tables for local and remote hosts and the NetBIOS name cache.