137,138,139 - Pentesting NetBios
NetBios Name Service
Name service for name registration and resolution (ports: 137/udp and 137/tcp).
Datagram distribution service for connectionless communication (port: 138/udp).
Session service for connection-oriented communication (port: 139/tcp).
Name Service
Every machine should have a name inside the NetBIOS network. To request a name, a machine sends a "Name Query" packet in broadcast, and if no one answers that it is already using that name, the machine can use that name. If there is a Name Service server, the computer can instead ask the Name Service server whether someone is already using the name it wants.
To discover the IP address of a name, a PC sends a "Name Query" packet and waits to see whether anyone answers. If there is a Name Service server, the PC can ask it for the IP of the name.
By enumerating a NetBIOS service, you can obtain the names the server is using and the MAC address of the server.
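To see exactly what a name service answer discloses, the following added example (not code from the original page) decodes a node status response as laid out in RFC 1002, returning the name table and the unit ID that carries the MAC address. The host name FILESRV01, the workgroup, the MAC and the whole sample packet are constructed for illustration.

```python
import struct

NBSTAT = 0x0021  # RR_TYPE of a node status response (RFC 1002)

def parse_node_status(pkt: bytes) -> dict:
    """Return the name table and unit ID (MAC) from a node status response."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    _tid, flags, _qd, ancount, _ns, _ar = struct.unpack_from(">6H", pkt, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response carrying an answer record")
    off = 12
    while True:  # skip the label-encoded RR_NAME
        if off >= len(pkt):
            raise ValueError("truncated RR_NAME")
        label_len = pkt[off]
        off += 1 + label_len
        if label_len == 0:
            break
    if off + 11 > len(pkt):
        raise ValueError("truncated resource record")
    rr_type, _cls, _ttl, rdlen, num = struct.unpack_from(">HHIHB", pkt, off)
    off += 11  # now at the first 18-byte name entry
    need = num * 18 + 6  # name table plus the 6-byte unit ID
    if rr_type != NBSTAT or rdlen < 1 + need or off + need > len(pkt):
        raise ValueError("not a complete NBSTAT record")
    names = []
    for i in range(num):
        entry = pkt[off + 18 * i: off + 18 * i + 18]
        (nflags,) = struct.unpack(">H", entry[16:18])
        names.append((entry[:15].decode("ascii", "replace").rstrip(),
                      entry[15],  # 16th byte: service suffix
                      "GROUP" if nflags & 0x8000 else "UNIQUE"))
    mac = pkt[off + 18 * num: off + 18 * num + 6].hex(":")
    return {"names": names, "mac": mac}

def build_sample() -> bytes:
    """Constructed response for a made-up host FILESRV01 in WORKGROUP."""
    entries = [(b"FILESRV01", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
               (b"FILESRV01", 0x20, 0x0400)]
    rdata = bytes([len(entries)])
    for name, suffix, nflags in entries:
        rdata += name.ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", nflags)
    rdata += bytes.fromhex("020000aabbcc") + bytes(40)  # unit ID + zeroed statistics
    header = struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0)
    rr_name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"  # encoded wildcard name "*"
    return header + rr_name + struct.pack(">HHIH", NBSTAT, 1, 0, len(rdata)) + rdata

if __name__ == "__main__":
    print(parse_node_status(build_sample()))
```

The suffix byte identifies the service behind each name (0x00 is the workstation name, 0x20 the file server service), so the name table alone shows which hosts expose file sharing.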
Datagram Distribution Service
NetBIOS datagrams are sent over UDP. A datagram is sent with a "Direct Unique" or "Direct Group" packet if it's being sent to a particular NetBIOS name, or a "Broadcast" packet if it's being sent to all NetBIOS names on the network.
Session Service
Session mode lets two computers establish a connection for a "conversation", allows larger messages to be handled, and provides error detection and recovery.
Data is transmitted during an established session by Session Message packets.
Sessions are closed by closing the TCP connection.