___________    ____________    ____  __  ___    ______________
 |\    ____  \  |\    ____   \  |\   \|\ \|\  \  |\_____    ____\
 | \   \__|\  \ | \   \__|\   \ | \   \ \ \ \  \ | |   |\   \   |
 \  \    ___   | \ \    ____   \ \ \   \_| \_|  \ \|___| \   \__|
  \  \   \_|\  \_ \ \   \__|\   \ \ \      _     \      \ \   \
   \  \   \\ \   \ \ \   \ \ \   \ \ \     |\ http://www.haxworx.com
    \  \___\\ \___\ \ \___\ \ \___\ \ \____| \_____\      \ \___\
     \ |   | \ |   | \ |   | \ |   | \ |   |\ |    |       \ |   |
      \|___|  \|___|  \|___|  \|___|  \|___| \|____|        \|___|
                                                           

 Hacking windows 9x/ME netbios with windows 9x/ME        
 Author: BrainRawt                                       
 Email: brainrawt@hotmail.com                            
 Site: http://www.haxworx.com                            

 Updated on 5-11-02

 I know that this has been written about before and i know that it has
 been known for awhile.  I have rewritten this text for easier understanding.

 (the port 139 netbios file sharing exploit)


    SETTING UP WHAT YOU NEED

 1. Go to c:\controlpanel\network
 2. Set the primery network login to "microsoft family login"
 3. Click on file and printer sharing.  check both boxes and reboot.
   (this installs drivers that you need)
 4. After you reboot, go back and remove the checkmarks so this hack doesnt get used on you.
   (dont worry, your drivers wont get deleted)
 5. Reboot again

 Now that we are back up and running.
 connect to the internet and open the dos window

 type at the prompt

 C:\>nbtstat -a ipaddress


        NetBIOS Remote Machine Name Table

    Name               Type         Status
 ---------------------------------------------
 luser          <00>  UNIQUE      Registered
 WORKGROUP      <00>  GROUP       Registered
 luser          <03>  UNIQUE      Registered
 luser          <20>  UNIQUE      Registered
 WORKGROUP      <1E>  GROUP       Registered
 WORKGROUP      <1D>  UNIQUE      Registered
 ..__MSBROWSE__.<01>  GROUP       Registered
 MAC Address = 44-45-53-54-00-00

 This is what you want.  a computer with the <20> 
 ( this means it offers file sharing )

 Now open up your favorite Internet Browser and type
 "file://ipaddress" into the address bar.  

 You should have access if its not password protected.

 ------------------------------------------------
  Protecting Oneself Against this netbios attack
 ------------------------------------------------

 1. If you dont need file and print sharing then disable it by removing the
    check marks from "File and Print Sharing" in c:\control-panel\network.

 2  If you are on a network and have to have File and Print Sharing Enabled
    then i suggest that you get a firewall and filter netbios allowing only
    your internal network to connect.

    You can get the "BlackIce" firewall from "www.networkice.com".

 3. NOTE:  Always use passwords on shared resources.


 

    Source: geocities.com/eljehad1/se

               ( geocities.com/eljehad1)