how to get NetBIOS information of a local/remote computer ?

Posted by

NetBIOS is a string of 16 characters ASCII that is used to identify network devices over the TCP/IP protocol where the first 15 characters are most of the times the hostname or device name and the 16th charater is the record type or the service.

To do that you only have three requirements:

1. INTRANET

You will need to have internal access, you already need to have a compromised device in order to get that information. (talking about enterprise situations…) for testing purposes on LAN just apply the same commands and analyze the results.

2. NBTSTAT

Is an utility in Windows OS that let you displays NetBIOS information over the TCP/IP protocol.

3. PERMISSIONS

The command will retrieve the following info:

– Protocol Statistics
– NetBIOS name tables (local / remote) devices
– NetBIOS name cache

For example,

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\securitytweak>nbtstat

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine’s name table given its name
-A (Adapter status) Lists the remote machine’s name table given its
IP address.
-c (cache) Lists NBT’s cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refr
esh

So, basically you are able to see the same previous information putting on command line just the command “nbtstat“.

To perform a local NetBIOS request, do the following:

C:\Users\securitytweak> nbtstat -n

To perform a remote request, do the following:

C:\Users\securitytweak> nbtstat -A or -a [ip address]

To perform cache request, do the following:

C:\Users\securitytweak> nbtstat -c

Check results play with the parameters and continue the journey.

Good luck.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s