NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). It was created by IBM for its early PC Network, was adopted by Microsoft, and has since become a de facto industry standard. NetBIOS is used in Ethernet and Token Ring networks and, included as part of NetBIOS Extended User Interface (NetBEUI), in recent Microsoft Windows operating systems.
It does not in itself support a routing mechanism so applications communicating on a wide area network (WAN) must use another “transport mechanism” (such as Transmission Control Protocol) rather than or in addition to NetBIOS.
NetBIOS frees the application from having to understand the details of the network, including error recovery (in session mode). A NetBIOS request is provided in the form of a Network Control Block (NCB) which, among other things, specifies a message location and the name of a destination.
NetBIOS Name Service (NBT-NS) is used in Windows networks for communication between hosts. Systems use this service when name resolution over LMHOSTS and DNS fails. Abusing this service to perform a man-in-the-middle attack is a common tactic that has been widely used by penetration testers and red teamers to gain an initial foothold inside a system. The retrieved password hashes can be cracked offline or used in conjunction with a relay attack to achieve legitimate access into hosts.
Here we will crack a Windows password using msfconsole.
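A defender-side illustration of the NBT-NS behaviour described above, added here and not part of the original article: it parses NetBIOS name query responses (RFC 1002 layout, as seen on UDP 137) and flags any source that answers for several different names, which a normal host does not do. The threshold, IP addresses and host names are constructed assumptions, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix=0x20):
    """RFC 1001 first-level encoding: 15 padded chars + suffix byte, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return b"\x20" + bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F)) + b"\x00"

def decode_name(field):
    """Reverse the encoding; returns None if the field is not 32 letters 'A'..'P'."""
    body = field[1:33]
    if (len(field) != 34 or field[0] != 0x20 or field[33]
            or not all(0x41 <= c <= 0x50 for c in body)):
        return None
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip()

def parse_response(payload):
    """Return (name, answered_ip) for a positive response (R=1, opcode 0, rcode 0), else None."""
    if len(payload) < 62:  # 12 header + 34 name + 10 RR fields + 6 RDATA
        return None
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    if not flags & 0x8000 or (flags >> 11) & 0xF or flags & 0xF or ancount < 1:
        return None
    name = decode_name(payload[12:46])
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[46:56])
    if name is None or rtype != 0x0020 or rdlen < 6:  # 0x0020 = NB (name) record
        return None
    return name, ".".join(str(b) for b in payload[58:62])  # skip 2 bytes of NB_FLAGS

def find_spoofers(packets, threshold=3):
    """packets: (src_ip, udp_payload) pairs. Flag sources that answer for many names."""
    claimed = defaultdict(set)
    for src, payload in packets:
        parsed = parse_response(payload)
        if parsed:
            claimed[src].add(parsed[0])
    return {src: sorted(names) for src, names in claimed.items() if len(names) >= threshold}

def build_response(name, ip):
    """Constructed sample data only: bytes of a positive response as seen on UDP 137."""
    rr = encode_name(name) + struct.pack("!HHIH", 0x0020, 1, 165, 6) + b"\x00\x00"
    return struct.pack("!6H", 1, 0x8500, 0, 1, 0, 0) + rr + bytes(map(int, ip.split(".")))

# Constructed capture: one host answering for itself, one answering for every name asked.
SAMPLE = [("10.0.0.5", build_response("FILESRV01", "10.0.0.5"))] + [
    ("10.0.0.66", build_response(n, "10.0.0.66")) for n in ("FILESRV1", "PRINTSVR", "INTRANT")]

print(find_spoofers(SAMPLE))
```

In a real deployment the `(src_ip, udp_payload)` pairs would come from a packet capture or sensor, and hosts that legitimately register several names would need an allow-list.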
- msfconsole -q
- >use auxiliary/server/capture/smb
- >show options
- >set JOHNPWFILE /root/Desktop/AdminBomber/name_pw.log (can be any name)
- >exploit -j -z
After this, we open Windows, click on Map network drive, and enter the IP of our Kali machine. When we try to connect, it asks for the username and password of our network. After entering the username and password, we go back to Kali, where we will get the password in encrypted form.
In Windows, all passwords are stored in NTLM form in the SAM file. There are many utilities for cracking them; here we will use John the Ripper (a password cracker), and when we open the file in the terminal we will get our password.