Notifications
Clear all
Topic starter 16/08/2025 6:36 pm
NetBIOS Enumeration is a technique used in ethical hacking and penetration testing to gather information from Windows-based networks using the NetBIOS protocol (Network Basic Input/Output System). It’s especially useful during the reconnaissance phase of an attack or security audit.
🧠 What Is NetBIOS?
NetBIOS allows applications on different computers to communicate over a local area network (LAN). It supports:
- Name resolution (mapping names to IP addresses)
- Session management (establishing connections)
- Datagram services (connectionless communication)
It typically operates over TCP ports 137, 138, and 139.
🔍 What Is NetBIOS Enumeration?
NetBIOS enumeration involves querying systems to extract:
- Computer names
- Usernames
- Shared folders and drives
- Workgroup/domain names
- MAC addresses
- Service packs and hotfixes
- Security policies and sessions
This information helps attackers or auditors map the network, identify vulnerable systems, and locate misconfigured shares.
🧪 Common Tools & Commands
| Tool/Command | Purpose |
|---|---|
nbtstat -A IP |
Displays NetBIOS name table of a remote computer by IP address. |
net view \\host |
Lists shared resources on a remote host. |
enum4linux |
Linux tool for enumerating Windows systems via NetBIOS/Samba. |
Metasploit |
Framework with modules for NetBIOS enumeration and exploitation. |
⚠️ Why It Matters
NetBIOS enumeration can expose:
- Sensitive data like usernames and shared folders.
- Null sessions, which allow unauthenticated access to system information.
- Entry points for lateral movement or privilege escalation.
🛡️ How to Defend Against It
- Disable NetBIOS over TCP/IP if not needed.
- Block ports 137–139 on firewalls.
- Use strong access controls on shared resources.
- Monitor for unauthorized NetBIOS traffic.
