HackFest Series: Hotel/Motel NETBIOS for the Holidays

Lisa Kachold lisakachold at obnosis.com
Sun Dec 27 08:48:53 MST 2009


"Security researchers at SkullSecurity have demonstrated how the
NetBIOS protocol allows trivial hijacking due to its design, through
the use of a tool called 'nbpoison' (in the package 'nbtool'). If a
DNS lookup fails on Windows, the operating system will broadcast a
NetBIOS lookup request that anybody can respond to. One vector of
attack is against business workstations on an untrusted network, like
a hotel; all DNS requests for internal resources can be redirected
(Exchange, proxy, WPAD, etc). Other attack vectors are discussed in a
related blog post. Although similar attacks exist against DHCP, ARP
and many other LAN-based protocols, we all know that untrusted systems
on a LAN means game over. NetBIOS poisoning is much quieter and less
likely to break other things."

References:

NBTool:  http://www.skullsecurity.org/blog/?p=356
MiTM without arp spoofing NetBIOS:
http://hypersecurity.blogspot.com/2009/12/netbios-spoofing.html

So what does this have to do with Linux anyway?  Samba!
http://www.youtube.com/watch?v=p2r0kIB_ItE  Samba HowTo
http://www.skullsecurity.org/blog/?cat=4  smb-psexec.nse tool Samba
http://www.youtube.com/watch?v=M3B2ydAYf_Y German Linux Version

[We pwn all you old Linxians with your SMB servers!]
(and you OS X kids are ours as well!)
Need a Mac to Test: Installing Tiger OSX on a Gateway PC (Using KNOPPIX)

VIDEOs:
Basic Windows Overview:
http://www.youtube.com/watch?v=lT335Z2xFDY&feature=related

http://www.youtube.com/watch?v=rvdQZpnjW-M Netbios

Source NBTool:  http://www.skullsecurity.org/wiki/index.php/Nbtool
Runs from an iPhone/iPod, Linux, OS X, Windows

Works with Hamachi:  http://www.youtube.com/watch?v=sqedawL8Weo

ExtraCredit:  http://www.ubiqx.org/cifs/  CIFS


DISCLAIMER:  This is educational information only, intended to educate
technical professionals and uber-users on the real security
implications that are ignored by thousands of liable companies, and
involve serious risk for us all.  At no time are we advocating
exploits to private property or anything that would create damage or
illegal acts.
This is a lab exercise only.

See SlashDot: http://tech.slashdot.org/story/09/12/26/0242203/NetBIOS-Design-Allows-Traffic-Redirection
-- 
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
Only the dead have seen the end of war. -Plato
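
The broadcast name lookups described in the quoted summary can be monitored from the defender's side. As an added example (not part of the original post or of nbtool), this Python code parses NetBIOS positive name query responses (RFC 1002) seen on UDP/137 and flags any host that answers for more than a few distinct names; the function names, the `max_names` threshold and the sample packets are assumptions constructed here.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix=0x00):
    # RFC 1002 first-level encoding: 15 padded chars + suffix byte, one nibble per byte
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    enc = bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))
    return b"\x20" + enc + b"\x00"

def decode_name(buf, off):
    # Returns (base_name, suffix, next_offset); raises ValueError on malformed input
    if len(buf) < off + 34 or buf[off] != 0x20 or buf[off + 33] != 0x00:
        raise ValueError("not a first-level encoded NetBIOS name")
    enc = buf[off + 1:off + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], off + 34

def parse_positive_response(payload):
    """Return (name, answer_ip) for a positive name query response, else None."""
    try:
        _tid, flags, _qd, an, _ns, _ar = struct.unpack(">6H", payload[:12])
        # Require: response bit set, opcode 0 (query), rcode 0, at least one answer
        if not flags & 0x8000 or flags & 0x7800 or flags & 0x000F or an < 1:
            return None
        name, _suffix, off = decode_name(payload, 12)  # responses carry no question
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", payload[off:off + 10])
    except (ValueError, struct.error):
        return None
    if rtype != 0x0020 or rdlen < 6 or len(payload) < off + 16:
        return None
    return name, ".".join(str(b) for b in payload[off + 12:off + 16])

def suspicious_responders(packets, max_names=2):
    """packets: (src_ip, udp_payload) pairs from UDP/137; max_names is an assumed threshold."""
    seen = defaultdict(set)
    for src, payload in packets:
        parsed = parse_positive_response(payload)
        if parsed:
            seen[src].add(parsed[0])
    return {src: sorted(n) for src, n in seen.items() if len(n) > max_names}

def build_response(tid, name, ip):
    rdata = b"\x00\x00" + bytes(int(p) for p in ip.split("."))  # NB flags + address
    return (struct.pack(">6H", tid, 0x8500, 0, 1, 0, 0) + encode_name(name)
            + struct.pack(">HHIH", 0x0020, 0x0001, 300, len(rdata)) + rdata)

# Constructed sample traffic (not a capture): .50 answers every name, .10 only its own
NAMES = ["WPAD", "EXCHANGE01", "PROXY", "INTRANET"]
SAMPLE = [("192.0.2.50", build_response(i, n, "192.0.2.50")) for i, n in enumerate(NAMES)]
SAMPLE.append(("192.0.2.10", build_response(9, "FILESRV", "192.0.2.10")))
```

Calling `suspicious_responders(SAMPLE)` reports only the host that answered for all four unrelated names; a machine answering for its own name stays below the threshold.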

