It's common practice to use Metasploit for NetBIOS enumeration in order to collect data on shared files, network resources, and system information.
Using Metasploit for NetBIOS Enumeration
1. Set Up Metasploit Framework
• Launch the Metasploit Console:
msfconsole
2. Use the nbname Auxiliary Module
The nbname module scans hosts and retrieves their NetBIOS names, workgroup details, and other information.
• Load the Module:
use auxiliary/scanner/netbios/nbname
• View Module Options:
show options
• Key Parameters:
- RHOSTS: Target IP range or CIDR (e.g., 192.168.1.0/24).
- THREADS: Number of concurrent threads (default: 10).
- RPORT: NetBIOS port (default: 137).
• Set Target Hosts:
set RHOSTS 192.168.1.200-210
• Adjust Threads (Optional):
set THREADS 11
• Run the Module:
run
• Output Example:
[*] 192.168.1.200 [METASPLOITABLE] OS:Unix Names:(METASPLOITABLE, WORKGROUP) Addresses:(192.168.1.208) Mac:00:00:00:00:00:00
[*] 192.168.1.201 [XEN-XP-SPLOIT] OS:Windows Names:(XEN-XP-SPLOIT, WORKGROUP) Addresses:(192.168.1.201) Mac:8a:e9:17:42:35:b0
3. Using the nbname_probe Auxiliary Module
This module sequentially probes NetBIOS services for similar information.
• Load the Module:
use auxiliary/scanner/netbios/nbname_probe
• View Module Options:
show options
• Set Target Hosts:
set RHOSTS 192.168.1.200-210
• Adjust Threads (Optional):
set THREADS 11
• Run the Module:
run
• Output Example:
[*] 192.168.1.205 [XEN-2K3-64] OS:Windows Names:(XEN-2K3-64, WORKGROUP, __MSBROWSE__) Addresses:(192.168.1.205) Mac:3a:f1:47:f6:a3:ab
Interpreting Results
- NetBIOS Names: Machine names and workgroups are useful for identifying systems on the network.
- OS Information: Operating system details (e.g., Windows, Unix) can help plan further enumeration or exploitation.
- MAC Addresses: Can be used to identify hardware or vendors.
