NBNS
Link: a very detailed write-up on NetBIOS and NBNS: https://zer1t0.gitlab.io/posts/attacking_ad/#netbios
NetBIOS Name Service is an outdated protocol, but it is still in use in some places
Runs over UDP (usually)
src/dst port 137
View the records on the local machine:
It must be noted that, in the case of a broadcast request, any computer can respond to the query, which allows an attacker to impersonate the real computer. This is one of the tactics used by responder.py and Inveigh to collect NTLM hashes.
Also, it must be taken into account that NBNS is not used if any other protocol can resolve the name request. The order of preference is the following:
1. DNS
2. mDNS
3. LLMNR
4. NBNS
Furthermore, it is possible to use this capability to perform a NetBIOS scan of a network and discover machines and services. This can be accomplished with nbtscan or the nmap script nbtstat.nse, from either Windows or Linux.
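Because any computer can answer a broadcast NBNS query, a defender can watch for hosts that answer for names nobody owns. The following is an added example, not code from the original page or from responder.py or Inveigh: it parses UDP/137 payloads (RFC 1001/1002 layout) and flags positive responses for a decoy name. The decoy name, function names and sample capture are constructed assumptions.

```python
import socket
import struct

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: 15 padded chars + suffix, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(enc):  # inverse of encode_name, returns (name, suffix)
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nbns(payload):
    """Parse header and first name of a UDP/137 payload; None if malformed."""
    enc = payload[13:45]
    if len(payload) < 50 or payload[12] != 0x20 or not all(0x41 <= b <= 0x50 for b in enc):
        return None
    txid, flags, _qd, answers = struct.unpack("!4H", payload[:8])
    name, suffix = decode_name(enc)
    # R=1, opcode=0 (query), rcode=0 and at least one answer: positive name query response
    positive = (flags & 0xF80F) == 0x8000 and answers > 0
    addr = socket.inet_ntoa(payload[58:62]) if positive and len(payload) >= 62 else None
    return {"txid": txid, "name": name, "suffix": suffix, "positive": positive, "addr": addr}

def find_spoofers(packets, decoys):
    """Return (src_ip, name, claimed_addr) for positive answers to decoy names."""
    alerts = []
    for src, payload in packets:
        p = parse_nbns(payload)
        if p and p["positive"] and p["name"] in decoys:
            alerts.append((src, p["name"], p["addr"]))
    return alerts

def build_query(txid, name):  # constructed broadcast name query (flags 0x0110)
    return (struct.pack("!6H", txid, 0x0110, 1, 0, 0, 0) + b"\x20"
            + encode_name(name) + b"\x00" + struct.pack("!2H", 0x20, 1))

def build_response(txid, name, ip):  # constructed positive response (flags 0x8500)
    return (struct.pack("!6H", txid, 0x8500, 0, 1, 0, 0) + b"\x20" + encode_name(name)
            + b"\x00" + struct.pack("!2HIHH", 0x20, 1, 165, 6, 0) + socket.inet_aton(ip))

DECOYS = {"ZZ-NOSUCHHOST01"}  # hypothetical name that no real host owns
CAPTURE = [  # constructed (source IP, UDP payload) pairs using documentation addresses
    ("192.0.2.10", build_query(0x1001, "FILESRV01")),
    ("192.0.2.20", build_response(0x1001, "FILESRV01", "192.0.2.20")),
    ("192.0.2.10", build_query(0x1002, "ZZ-NOSUCHHOST01")),
    ("192.0.2.66", build_response(0x1002, "ZZ-NOSUCHHOST01", "192.0.2.66")),
    ("192.0.2.10", b"\x00" * 8),  # truncated datagram, must be ignored
]
```

Calling `find_spoofers(CAPTURE, DECOYS)` on the sample capture reports only the host that answered for the decoy name; the legitimate answer for FILESRV01 and the truncated datagram are ignored.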