What is NetBIOS?
NetBIOS stands for Network Basic Input Output System. In basic terms, it’s responsible for managing the internal share of files and printers – but it’s not limited to these functions. For the purpose of this guide, let’s keep it simple. For anyone wanting more information about NetBios, you can find it on Microsoft’s site: https://technet.microsoft.com/en-us/library/cc940063.aspx
By default, NetBios is running on ports: 139tcp, 138udp and 137udp. With NetBios, you can collect info like computer names, usernames, domain goups, etc:
In the previous image, we see the attacking machine on the left (Windows 10) and the victim’s machine on the right (Windows XP).
We know that our victim has NetBios enabled and use the “nbtstat” command to uncover deeper info, including whether sharing is enabled.
We look for a status code of <20>, which means means sharing is on:
With “net view” we can see what the victim is sharing:
We found a printer and a file called ShareDocs.
Finally, let’s use “net use” command to “import” the shared files to our system:
Now remote files will be located in our system.
That is how we can map and import shared files via SMB