Enumeration: NetBIOS
If you come across this post but you're unsure about what NetBIOS actually is, take a moment to step back and go through this article (and the Professor Messer video inside) from Networkencyclopedia.com.
Okay cool, so we're on the same page now!
As we go through the resources for NetBIOS enumeration, keep the following items in mind, because we're looking for them:
- system names
- usernames
- domains
- printers
- available shares
There are a ton of great tools out there to do NetBIOS enumeration. A few that I found include:
- nbtstat (Windows)
- winfo (Windows)
- winfingerprint (Windows)
- nbtscan (Linux)
- smb-nat (Linux)
- Hyena (I have not used this yet but it came recommended)
- smbclient (Linux) - this page is overwhelming to my visual senses, ha, if there is a cleaner one, use it!
- nmap
- smbmap
- crackmapexec
- Autorecon (have not used this yet, it honestly looks awesome)
- msfconsole
- burp (web)
- many others, check this short blog for more.
Keep in mind that msfconsole cannot be used on the OSCP (it can be used on the PNPT). Just like you, I'll be learning to lean on the other available tools.
Also, the list above may not be the best tools to use! If you have others, please share comments with them on my LinkedIn post.
Visual:
One of the best visual aids for me is a checklist. I found a great one on SMB enumeration from 0xdf via a YouTube video that was going over the Network Services TryHackMe module.
The logical progression of a checklist helps create repetition and learning.
Someone has also created this great Enumeration Quizlet deck for their CEH journey; there are some NetBIOS items in it. Just a heads up here: flashcard decks can hit on auditory or read/write depending on how they are used & created!
For anyone tied heavily into visual learning - YouTube videos. See below!
Aural:
YouTube is rich with content. I'll share a few; I'm sure you can find more. Importantly, if you learn strongly from auditory along with visual, make sure that you find & follow content creators that do this. You will find a ton of videos with heavy music over the talking or just heavy music and no talking (great for the heavy on the visual learners).
TL;DR: know how you learn and cater to that.
Videos on various tools mentioned above (these will actually trigger a few types of learning, take notes & read the slides where applicable):
7 Minute Security has some great podcast episodes - I came across Episode 535 that took the listener through the technical via some solid storytelling. It is a little more on the purple team side so really a great listen because it discussed remediation as well. He is driving while podcasting... don't do this. Anyway, I took notes on his methodology and anything he mentioned.
Read/Write:
I'll keep it simple here, we've already gone through a lot of resources that fit in read/write, I'll just reiterate the following:
- Create your own checklists for NetBIOS enumeration.
- Flash cards (make your own, physically write if you must).
- Read the man and help pages of tools.
I read & took notes on, and got the most from, the following blog posts:
- What is NetBIOS Enumeration
- An Introductory Guide to Hacking NETBIOS - Awesome, awesome, awesome blog by Aditi Bhatnagar
Kinesthetic:
There are a few TryHackMe rooms I would recommend aside from the Network Services one mentioned above. They include:
- NMAP, Burp, Metasploit rooms
- The entire Jr. Penetration Tester path
- The Lay of the Land and Enumeration
Cybrary does have a NetBIOS Enumeration interactive (appearing) course, which I have not taken, but if you are paying for this platform you might as well hit it up!
Finally, safe places to practice installing and using these tools and methods are the easy boxes on TryHackMe and HackTheBox. Many of these are free to use (they just limit time). At some point, you can get to setting up your own home lab; in the meantime, use the resources you have at hand in these cost-effective spaces.
Ending thoughts:
This is in no way conclusive, but I hope if you come across this space that you're finding it easier to understand your own learning style and how to self-teach. We're onto SNMP Enumeration next!
Disclaimer: Understanding that this industry is already filled with educational content, the writer of this blog intends for this series to be utilized by learners who are looking to find resources for said topics. The content within these resources should be used with caution and common sense, taking note to understand the applicable laws of the reader's location. This is a personal blog of which any opinions or ideas expressed are of the owner/writer and not of any association they are affiliated with. To reach the writer of this blog, please find them on LinkedIn. When sharing this content with your own community it is asked that credit be given. Before reposting as a blog, please seek permission from the author.