NetBIOS Enumeration Cheatsheet: Essential Commands for Pentesters — Neerajlovecyber

Comprehensive guide to NetBIOS enumeration with practical commands and techniques for network security professionals and ethical hackers.

What is NetBIOS?

NetBIOS (Network Basic Input/Output System) is a legacy networking protocol that allows computers on a local area network (LAN) to communicate and share resources. Here’s a simple breakdown of its main functions and features:

  • Name Resolution: NetBIOS provides hostname-to-IP resolution, helping systems find the correct IP address for devices like “FileServer”
  • File and Printer Sharing: It enables file and printer sharing across the network, allowing access to shared files or printers on other machines
  • Session Management: NetBIOS manages sessions, enabling reliable data exchange between two computers
  • Broadcasting: It uses broadcast messages for network discovery, allowing devices to find and share resources
  • Common Usage: NetBIOS is commonly found in older Windows networking environments or mixed OS networks where Windows and non-Windows machines communicate

Quick NetBIOS Enumeration Commands

Here are some essential commands for quick NetBIOS enumeration:

nmblookup -A 10.10.10.10
nbtscan 10.10.10.10
sudo nmap -sU -sV -T4 --script nbstat.nse -p137 -Pn -n 10.10.10.10

Purpose of Ports 137 and 138 in NetBIOS

Port 137 (NetBIOS Name Service – NBNS)

  • Resolves NetBIOS names to IP addresses
  • Identifies computer names, workgroup or domain names, and network shares

Port 138 (NetBIOS Datagram Service – NBDS)

  • Sends datagrams like browser elections and announcements
  • Enables hosts to find each other and broadcast name info in a LAN

Tools and Commands for NetBIOS Enumeration

nbtstat (Windows Built-in Tool)

Query remote NetBIOS Name Table (port 137):

nbtstat -A 192.168.1.10

This command returns the NetBIOS name table of the target system, showing hostnames, sessions, and shared resources.

View local NetBIOS name table:

nbtstat -n

View active NetBIOS connections (port 138):

nbtstat -S

nbtscan

A dedicated tool for NetBIOS name service enumeration over port 137.

Scan an IP or subnet for NetBIOS names:

nbtscan 192.168.1.0/24

This lists NetBIOS names and corresponding IP addresses for network mapping and asset identification.

Interpreting NetBIOS Enumeration Results

When scanning NetBIOS over ports 137 and 138, look for these common name suffixes (the <xx> values, often called flags, shown next to each name in the name table):

  Flag   Meaning
  <00>   Indicates the hostname or domain name
  <20>   Indicates the system is running file-sharing services
  <03>   Indicates the Messenger service is active on the machine

These flags help identify the roles of systems on the network (e.g., file servers or domain controllers).

Securing Ports 137 and 138

To protect against NetBIOS enumeration vulnerabilities:

  1. Disable NetBIOS over TCP/IP if not required
    • This can be done in the network adapter settings (Windows)
  2. Block ports 137 and 138 using a firewall
    • Especially important on public-facing systems
    • Prevents external enumeration
  3. Enforce strong authentication and access controls
    • Implement for all shared network resources
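The commands in the quick-enumeration section and nbtstat -A all send the same packet: an NBNS node status request for the wildcard name to UDP/137, and the <00>/<20>/<03> suffixes above come straight from the name table in the reply. The Python below is added here as an example and is not code from this post or from nbtstat, nbtscan, nmblookup or Nmap. It builds that request, decodes a reply into names, suffixes and unique/group type (covering the three suffixes listed above plus a few other standard ones), summarises the host's roles, and includes a query function a defender can point at a host they administer to confirm that the hardening steps above took effect (a hardened host gives no reply within the timeout). The function names, the fictional FILESRV01 sample reply and its MAC address are constructed for the example, not captured traffic.

```python
"""NBNS (UDP/137) node status query: the request nbtstat -A / nmblookup -A / nbtscan send,
plus a decoder for the name table in the reply. Added example for this cheatsheet, not code
from the post or from those tools; function names, the suffix rows beyond <00>/<20>/<03> and
the constructed FILESRV01 sample reply are this example's own (no real capture involved)."""
import socket
import struct
from typing import Optional

NBSTAT = 0x0021       # RR type of a node status request/response (RFC 1002)
CLASS_IN = 0x0001
GROUP_FLAG = 0x8000   # bit 15 of NAME_FLAGS: set = group name, clear = unique name

# Meaning of the <xx> suffix keyed by (suffix, is_group); the first three rows are the
# ones the cheatsheet lists, the rest are other standard NetBIOS suffixes.
SUFFIX_MEANINGS = {
    (0x00, False): "Workstation Service (hostname)",
    (0x00, True): "Domain or workgroup name",
    (0x20, False): "File Server Service (file sharing enabled)",
    (0x03, False): "Messenger Service",
    (0x1B, False): "Domain Master Browser",
    (0x1C, True): "Domain Controllers group",
}

def first_level_encode(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each of the 16 name bytes becomes two letters in
    'A'..'P', one per nibble, so '*' + 15 NULs encodes as 'CK' followed by 30 'A'."""
    if len(raw16) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes (15 chars + suffix)")
    return bytes(v for b in raw16 for v in ((b >> 4) + 0x41, (b & 0x0F) + 0x41))

WILDCARD_NAME = b"\x20" + first_level_encode(b"*" + b"\x00" * 15) + b"\x00"

def build_node_status_request(txid: int = 0x1234) -> bytes:
    """50-byte NBSTAT query for the wildcard name: header, encoded name, type, class."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags 0: unicast query
    return header + WILDCARD_NAME + struct.pack(">HH", NBSTAT, CLASS_IN)

def parse_node_status_response(data: bytes) -> dict:
    """Decode the NUM_NAMES name table and the UNIT_ID (MAC address) of a node status reply."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a node status response")
    pos = 12
    while data[pos] != 0:            # skip the length-prefixed encoded-name labels
        pos += 1 + data[pos]
    pos += 1
    rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
    if rtype != NBSTAT:
        raise ValueError("unexpected RR type 0x%04x" % rtype)
    rdata = data[pos + 10:pos + 10 + rdlen]
    names, off = [], 1
    for _ in range(rdata[0]):        # entry = 15-byte name, 1-byte suffix, 2-byte NAME_FLAGS
        entry = rdata[off:off + 18]
        if len(entry) < 18:
            raise ValueError("truncated name table")
        suffix, nflags = entry[15], struct.unpack(">H", entry[16:18])[0]
        is_group = bool(nflags & GROUP_FLAG)
        names.append({"name": entry[:15].rstrip(b" \x00").decode("ascii", "replace"),
                      "suffix": suffix, "group": is_group,
                      "meaning": SUFFIX_MEANINGS.get((suffix, is_group), "unknown")})
        off += 18
    mac = ":".join("%02X" % b for b in rdata[off:off + 6])
    return {"txid": txid, "names": names, "mac": mac}

def summarize_roles(parsed: dict) -> dict:
    """Read the host's roles off the decoded table, the way you would from nbtstat output."""
    names = parsed["names"]
    present = {(n["suffix"], n["group"]) for n in names}
    return {"hostname": next((n["name"] for n in names if (n["suffix"], n["group"]) == (0x00, False)), None),
            "workgroup": next((n["name"] for n in names if (n["suffix"], n["group"]) == (0x00, True)), None),
            "file_server": (0x20, False) in present, "messenger": (0x03, False) in present,
            "domain_controller": (0x1C, True) in present, "mac": parsed["mac"]}

def build_sample_response(txid: int = 0x1234) -> bytes:
    """Constructed reply from a fictional file server, used here instead of a live capture."""
    entries = [("FILESRV01", 0x00, 0x0400), ("WORKGROUP", 0x00, 0x8400),
               ("FILESRV01", 0x20, 0x0400), ("FILESRV01", 0x03, 0x0400)]
    table = bytes([len(entries)])
    for name, suffix, nflags in entries:
        table += name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", nflags)
    rdata = table + bytes.fromhex("000c29abcdef") + b"\x00" * 40  # UNIT_ID, then zeroed stats
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)       # response + authoritative
    return header + WILDCARD_NAME + struct.pack(">HHIH", NBSTAT, CLASS_IN, 0, len(rdata)) + rdata

def query_node_status(host: str, timeout: float = 2.0) -> Optional[dict]:
    """Query UDP/137 on a host you administer. None = no answer in time, which is what a
    hardened host (NetBIOS over TCP/IP disabled or port 137 blocked) should return."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_node_status_request(), (host, 137))
        try:
            data, _ = sock.recvfrom(1024)
        except socket.timeout:
            return None
    return parse_node_status_response(data)

if __name__ == "__main__":
    import sys
    decoded = parse_node_status_response(build_sample_response())
    for n in decoded["names"]:
        print("%-15s <%02X> %-6s %s" % (n["name"], n["suffix"], "GROUP" if n["group"] else "UNIQUE", n["meaning"]))
    print(summarize_roles(decoded))
    if len(sys.argv) > 1:
        print(query_node_status(sys.argv[1]) or "no reply: NetBIOS disabled or port 137 blocked")
```

Run it with no arguments to decode the constructed sample, or pass the address of a host you administer to query it live. A host that still answers after NetBIOS over TCP/IP was disabled or port 137 was blocked tells you the change did not take effect on that adapter or firewall profile.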

Conclusion

By using NetBIOS enumeration tools like nbtstat, nbtscan, and Nmap, pentesters can uncover valuable information about networked systems, including their names, services, and shared resources. This information helps map the attack surface and discover potential vulnerabilities. However, it’s crucial to use these tools ethically and only on systems you have permission to test.
