The Visual, Step by Step netbios hack
    
http://neworder.box.sk/iceberg_slim

Written by:iceberg_slim
This tutorial is intended for novice or intermediate computer users looking to exploit Microsoft printer and file sharing, also known as NetBIOS (Network Basic Input/Output System). It covers the steps for exploiting NetBIOS whether you're using Windows 9x or Windows 2000/XP. To keep the interest of the reader and of people who can't follow text alone, screenshots are shown for every step in the procedure, and each step covers Windows 9x and Windows 2000. It is assumed that you know basic DOS commands and understand what IP addresses and file sharing are. You will not need any extra tools; everything used here comes with a default Windows installation.
If you want to enable your own file and printer sharing, go to My Computer > Control Panel, open the Network section, then click the "File and Print Sharing" button.



Steps
1. Check if IP or host has netbios enabled
2. Input IP and relating sharename into HOSTS file
3. Find computer
4. If share is password protected, use resources to get around protection.
5. 0wn the b0x!


1. Before trying anything with NetBIOS, you must have NetBIOS enabled and file sharing enabled on your own machine. Next we must determine whether the remote computer has NetBIOS enabled, because unless NetBIOS is enabled on both your computer and the remote computer, none of the following can happen. To check the remote computer's NetBIOS status, DOS has a utility just for that: NBTSTAT.EXE.

In win9x/ME, it's located at \windows
In windows 2000/XP, it's located at \winnt\system32

Nbtstat is run from the DOS prompt only. Open a DOS prompt and type "nbtstat" (no quotes) to see its options. To find out whether the remote computer is exploitable and whether we can access it, we use one particular form of the command: "nbtstat -A <ip address>", again without the quotes.


If the command returns "Host not found.", either the remote computer does not have file sharing enabled or the host is not responding to that command. But if the command returns a list, then the command was successful and NetBIOS is enabled.

[Screenshot: successful nbtstat -A listing]



The listing you now get might be confusing, but we are only really looking for one thing here. The <20> entry shows that the remote computer has file sharing enabled, among other things. Other services listed might be the Messenger service and the name of the currently logged-on user. The name in front of the <20> is the sharename; this is basically what is needed to gain access to the computer.
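As an added example (not part of the original tutorial), here is a small Python parser for the name table that nbtstat -A prints, the kind of check an administrator would run over their own hosts to flag any that still register the <20> File Server Service. The sample output embedded below is constructed, not a real capture.

```python
import re

# Constructed sample of a Windows 2000-era "nbtstat -A <ip>" listing (not a
# real capture). The <20> row is the one the tutorial says to look for.
SAMPLE_NBTSTAT_OUTPUT = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
WORKSTATION    <00>  UNIQUE      Registered
WORKGROUP      <00>  GROUP       Registered
WORKSTATION    <20>  UNIQUE      Registered
WORKSTATION    <03>  UNIQUE      Registered
JSMITH         <03>  UNIQUE      Registered

MAC Address = 00-0C-29-AB-CD-EF
"""

# Well-known NetBIOS name suffixes (the 16th byte of the name, shown in <>).
SUFFIX_MEANING = {
    "00": "Workstation Service",
    "03": "Messenger Service",
    "20": "File Server Service (file/printer sharing)",
}

ROW_RE = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)")

def parse_nbtstat(text):
    """Return (name, suffix, type, status) tuples, one per table row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name, suffix.upper(), kind, status))
    return rows

def assess_exposure(text):
    """Summarise what a name table reveals about a host, for an audit report."""
    rows = parse_nbtstat(text)
    if not rows:  # "Host not found." or no NetBIOS over TCP/IP at all
        return {"reachable": False}
    machine = next((n for n, s, k, _ in rows if s == "00" and k == "UNIQUE"), None)
    return {
        "reachable": True,
        "machine_name": machine,
        "workgroup": next((n for n, s, k, _ in rows if s == "00" and k == "GROUP"), None),
        # A registered <20> means the host is offering shares: the exposure to fix.
        "file_sharing_exposed": any(s == "20" for _, s, _, _ in rows),
        # A unique <03> name that is not the machine name is a logged-on user.
        "logged_on_users": sorted(n for n, s, k, _ in rows if s == "03" and k == "UNIQUE" and n != machine),
    }
```

Run it over saved nbtstat output from each host in your inventory; any result with file_sharing_exposed set to True is a machine whose shares should be reviewed or disabled.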


2. Now that we have the IP and the sharename of the computer, we can move on to putting them into the HOSTS file. The HOSTS file is a file that Windows consults whenever it translates an IP to a NetBIOS name or vice versa. Windows always looks at the HOSTS file before it looks anywhere else; if it finds the IP and NetBIOS name it is looking for there, it doesn't go searching anywhere else, such as a central server. The HOSTS file has no file extension in Windows; it is simply called "HOSTS".

In 9x/ME, it's located at \WINDOWS
In 2000/XP, it's located at \WINDOWS\system32\drivers\etc

Don't freak out if it's not found: on a default installation of Windows there is no HOSTS file, so you have to make one. It's very easy. Browse to the directory where it is supposed to be, right-click and go to New > Text Document, and save it in that directory as "HOSTS" (no quotes). Make sure the file does not get a ".txt" extension; it must be named exactly "HOSTS". Windows may ask you to confirm that you want a file with no extension; that is fine and correct. Now go back and get the IP and sharename you just found, and enter the IP first, then a space, then the sharename.

[Screenshot: HOSTS file with the IP and sharename entered]



After the IP and sharename are in the HOSTS file, click file > save. Now it's time to see if we can actually get in.


3. On Win9x/ME systems go to Start > Search > Find Computer. On Windows 2000 it's the same, but on XP you go to Start > Search > For Files or Folders, then click the label on the left-hand side called "Computers or people". Enter the IP of the remote computer and search for it; it should show up in the list, and you double-click the computer to access its shares.

[Screenshot: remote computer found in the search results]



If a box pops up and asks for a password, you can use a program called pqwack to brute-force the password; it may take time to break it. But mostly you will not encounter a password box; I personally have only encountered 1 out of dozens. Now you can browse the shared hard drive or share freely. Browsing is very slow, because of latency and because of a Windows flaw involving Task Scheduler: it slows down network browsing over NetBIOS, since Task Scheduler checks the remote computer for any tasks at hand. Just let Windows Explorer pull the information off the remote computer; it may take time, but it is now very easy to see what is on the remote computer. On some Windows 2000 and Windows NT systems, certain directories are not accessible due to restrictions on browsing local directories; you may try to open the Windows directory and get a box saying that the directory is off limits and that administrator restrictions prevent you from opening it.



[Screenshot: the ENTIRE C drive is shared to the internet!]



So now you have pretty much owned the box and can do anything. Deltree it and see if I care. Peace.

Iceberg Slim does not condone nor endorse malicious intent derived from this material. User discretion is advised.

Salutations = everyone and anyone @ www.fromadia.com, drew, bakesnake, the big bad tunafish, squire James (just cause he propped me in his writing), sc00by_f00, aj, stroker, ETC ETC, too long to list.