No announcement yet.

Enumeration - NetBIOS

  • Filter
  • Time
  • Show
Clear All
new posts

  • Enumeration - NetBIOS

    NetBIOS is a unique 16 byte ASCII character string in place to identify network devices over TCP/IP. The first 15 bytes are used for the device name and the last byte is containing a character reserved for the service or name record type. An attacker can use this to list computers that belong to a Microsoft Windows domain, list shares of individual hosts, verify policies and passwords. This is an IPv4 only functionality meaning IPv6 does not support this.

    Name NetBIOS Code Type Information
    <hostname> <00> UNIQUE Hostname
    <domain> <00> GROUP Domain Name
    <hostname> <03> UNIQUE Messenger service for host
    <username> <03> UNIQUE Messenger service for user
    <hostname> <20> UNIQUE Server service running
    <domain> <1D> GROUP Master browser name for subnet
    <domain> <1B> UNIQUE Domain master browser name (PDC)

    Information is often collected using the Microsoft Windows build-in nbtstat utility that displays NetBIOS over TCP/IP statistics, NetBIOS name tables for local and remote hosts and the NetBIOS name cache.
    Certified Security Geek