_|_|_| _| _| _| _| _| _| _| _|_|_| _| _|_|_| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _|_| _| _|_|_| _| _| _| _| _|_|_| _|_|_| _| _|_| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _|_|_| _|_|_| _|_|_| _|_|_| _| _| _|_|_| _|_|_| _|_|_| _|_|_| _| _| _| _| _| _| _| _| _|_|_| _|_|_| _|_| _| _|_| _|_|_| _| _| _| _| _| _| _| _| _| _| _|_|_| _|_|_| _|_|_| _|_|_| http://pheces.home.ml.org i'll say any damn thing i want. öööööööööööööööööööööööööööööööö Title: |||| Using NetBIOS |||| Date: June 25, 1998 Author: rootwurm öööööööööööööööööööööööööööööööö the other day i was talking to a friend and i said something like "yeah, i got in through netbios" he just looked at me like i was retarded. the fact is, most people either don't care, or don't know about the fun you can have with netbios. another fact is, that netbios runs on port 139. and if you know ANYTHING about computers, you know that that is definatly the OOB exploit port. micro$oft did an awesome OOB patch that simply CLOSED THE DAMN NETBIOS PORT! well, actually, i think that was the first patch...newer versions actually fixed the shit and left 139 open. ok, here's a quick rundown on what netbios is.. (note: i'm just telling you this from memory, some facts are probably a little off....look elsewhere for an in-depth, technical explantaion.) netbios lets windoze 95 (l)users share files over the network (whether it be a lan, wan, or the internet) netbios uses port 113 to get the hostname information and the dir information, and port 139 is used for the actual connection. most computers ARE running netbios, and a quick way to find out is to do a 'netbios stat' on them. to do that, simply take their hostname (we'll use pah-pm2-1-60.vci.net (my current ip address) for example) now, in the Run box, (on the start menu in win95) type nbtstat -A 205.241.254.60 (if you have the numerical ip) or nbtstat -a pah-pm2-1-60.vci.net (if you don't feel like resolving it) that should come back with a bunch of names in a 'dos' box. if it says "host not found." then that person is either not running netbios, or they don't have win95. otherwise, it should come back with some names and shit. the names change from computer to computer because everyone names their computer something different. mine's named JENNY (jenny is this chick that lives right down the street and she is GOD!) so we'll use mine for an example. if you want to find out what your computer is named, or change it, goto the control panel, then Network, then Identification. now, in the run box, type notepad c:\windows\lmhosts lmhosts DOES NOT HAVE AN EXTENSION! it will ask you to create the file the first time, just click YEP. now, in lmhosts, type 205.241.254.60 JENNY all on one line, with nothing else on that line. now save it and in the run box type \\JENNY be sure you get the right slashes, it makes ALL the difference. \\ means "it's on the network" where // means "its on the local drive" now, if they are offering stuff, it should give you a box much like when you double-click on your hard drive. browse at will. if you don't get a box, try typing this in the run box.. net view \\jenny it will either show you some stuff that is offered, or tell you that that computer is not taking requests. if it gives you some 'shared' resources, try typing \\jenny\resource in the run box (where 'resource' is whatever is being shared) sometimes it will ask you for a password, and most of the time just hitting enter will work. some other things you can try is just 'ping jenny' to ping 205.241.254.60, as well as 'telnet jenny' etc....the network will look for 'jenny' on your dns server, and if it doesn't resolve there, it will check lmhosts blah, that was confusing, i know, but if i didn't make sense on something, then EMAIL ME! goddamn it! you'll never learn if you don't ask! i won't bite you....well, at least i promise not to draw blood :-) rootwurm (rootwurm@antisocial.com) LONG LIVE THE FLAMING TURD!!! BOOYAH! (((((((((((((((((((((((((((((((((((((((((((((#yep)))))))))))))))))))))))))))))))))))))))))))))