第十九課:基于netbios發(fā)現(xiàn)內(nèi)網(wǎng)存活主機(jī)
專注APT攻擊與防御
https://micropoor.blogspot.com/

netbios簡介:
IBM公司開發(fā),主要用于數(shù)十臺計算機(jī)的小型局域網(wǎng)。該協(xié)議是一種在局域網(wǎng)上的程序可以使用的應(yīng)用程序編程接口(API),為程序提供了請求低級服務(wù)的同一的命令集,作用是為了給局域網(wǎng)提供網(wǎng)絡(luò)以及其他特殊功能。
系統(tǒng)可以利用WINS服務(wù)、廣播及Lmhost文件等多種模式將NetBIOS名-——特指基于NETBIOS協(xié)議獲得計算機(jī)名稱——解析為相應(yīng)IP地址,實現(xiàn)信息通訊,所以在局域網(wǎng)內(nèi)部使用NetBIOS協(xié)議可以方便地實現(xiàn)消息通信及資源的共享。

nmap掃描:
root@John:~# nmap -sU --script nbstat.nse -p137 192.168.1.0/24 -T4
msf掃描:
msf > use auxiliary/scanner/netbios/nbname
nbtscan掃描:
項目地址:http://www.unixwiz.net/tools/nbtscan.html
Windows:
D:>nbtscan-1.0.35.exe -m 192.168.1.0/24
D:>nbtstat -n (推薦)
Linux:
(推薦)

root@John:~/Desktop/nbtscan# tar -zxvf ./nbtscan-source-1.0.35.tgz (1.5.1版本在附錄)
root@John:~/Desktop/nbtscan# make
root@John:~/Desktop/nbtscan# nbtscan -r 192.168.1.0/24
root@John:~/Desktop/nbtscan# nbtscan -v -s: 192.168.1.0/24
NetBScanner:
項目地址:https://www.nirsoft.net/utils/netbios_scanner.html
附錄:
nbtscan:
鏈接:https://pan.baidu.com/s/1hs8ckmg 密碼:av40
NBTscan version 1.5.1. Copyright (C) 1999-2003 Alla Bezroutchko.
This is a free software and it comes with absolutely no warranty.
You can use, distribute and modify it under terms of GNU GPL.

Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m
retransmits] (-f filename)|(<scan_range>)
-v verbose output. Print all names received

from each host

-d dump packets. Print whole packet contents.

-e Format output in /etc/hosts format.
-l Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t timeout wait timeout milliseconds for response.

Default 1000.

-b bandwidth Output throttling. Slow down output
so that it uses no more that bandwidth bps.
Useful on slow links, so that ougoing queries
don't get dropped.

-r use local port 137 for scans. Win95 boxes

respond to this only.
You need to be root to use this option on Unix.

-q Suppress banners and error messages,
-s separator Script-friendly output. Don't print

column and record headers, separate fields with separator.

-h Print human-readable names for services.

Can only be used with -v option.
-m retransmits Number of retransmits. Default 0.
-f filename Take IP addresses to scan from file filename.
-f - makes nbtscan take IP addresses from stdin.
<scan_range> what to scan. Can either be single IP

like 192.168.1.1 or
range of addresses in one of two forms:
xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.

Examples:
nbtscan -r 192.168.1.0/24
Scans the whole C-class network.
nbtscan 192.168.1.25-137
Scans a range from 192.168.1.25 to 192.168.1.137
nbtscan -v -s : 192.168.1.0/24
Scans C-class network. Prints results in script-friendly
format using colon as field separator.
Produces output like that:
192.168.0.1:NT_SERVER:00U
192.168.0.1:MY_DOMAIN:00G

192.168.0.1:ADMINISTRATOR:03U
192.168.0.2:OTHER_BOX:00U
...
nbtscan -f iplist
Scans IP addresses specified in file iplist.

NBTscan version 1.5.1:
項目地址:https://github.com/scallywag/nbtscan

Micropoor
?