Exploiting Windows Services
Windows remains the most popular desktop operating system in the world, and most businesses have a significant number of Windows servers, desktops, and laptops. That makes Windows a particularly attractive target. Fortunately for penetration testers, many of the most commonly available Windows services are useful candidates for exploitation.
NetBIOS Name Resolution Exploits
One of the most commonly targeted services in a Windows network is NetBIOS. NetBIOS is commonly used for file sharing, but many other services rely on the protocol as well.
NetBIOS Name Services
When Windows systems need to resolve the IP address for a hostname, they use three lookup methods in the following order:
- The local hosts file, found at C:\Windows\System32\drivers\etc\hosts
- DNS, first via local cache and then via the DNS server
- The NetBIOS name service (NBNS), first via Link-Local Multicast Name Resolution (LLMNR) queries and then via NetBIOS Name Service (NetBIOS-NS) queries
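
A name that reaches the last step in this list is one that the hosts file and DNS could not resolve, so a defender reviewing a packet capture can decode those queries to see which names fall through. The following parser is an added example, not code from the original text; it assumes the UDP payload and destination port have already been extracted from the capture, and the hostname FILESRV01 and both sample payloads are constructed for illustration.

```python
import struct

def read_labels(buf, off):
    """Read length-prefixed labels of a question name; return (labels, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated question name")
        n = buf[off]
        off += 1
        if n == 0:
            return labels, off
        if n & 0xC0 or off + n > len(buf):
            raise ValueError("compressed, oversized or truncated label")
        labels.append(buf[off:off + n])
        off += n

def decode_netbios_name(label):
    """Undo NetBIOS first-level encoding: 32 chars 'A'..'P' -> (name, suffix byte)."""
    if len(label) != 32 or any(not 0x41 <= c <= 0x50 for c in label):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_fallback_query(payload, dst_port):
    """Describe an LLMNR (UDP 5355) or NetBIOS-NS (UDP 137) query; None for responses."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte header")
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:
        return None  # response bit set, or no question present
    labels, off = read_labels(payload, 12)
    if not labels or off + 4 > len(payload):
        raise ValueError("missing name, type or class")
    qtype = struct.unpack("!H", payload[off:off + 2])[0]
    if dst_port == 137:
        name, suffix = decode_netbios_name(labels[0])
        return {"proto": "NetBIOS-NS", "name": name, "suffix": suffix, "qtype": qtype}
    if dst_port == 5355:
        name = b".".join(labels).decode("ascii", "replace")
        return {"proto": "LLMNR", "name": name, "suffix": None, "qtype": qtype}
    raise ValueError("not a fallback name-resolution port")

# Constructed sample payloads: the same made-up host asked for over each protocol.
NBNS_QUERY = (struct.pack("!6H", 0x1234, 0x0110, 1, 0, 0, 0) + b"\x20"
              + b"EGEJEMEFFDFCFGDADB" + b"CA" * 7 + b"\x00" + struct.pack("!2H", 0x20, 1))
LLMNR_QUERY = (struct.pack("!6H", 0xBEEF, 0x0000, 1, 0, 0, 0) + b"\x09"
               + b"filesrv01" + b"\x00" + struct.pack("!2H", 1, 1))
```

The suffix byte returned for NetBIOS-NS queries is the sixteenth byte of the NetBIOS name, which identifies the service being looked up (0x20 is the file server service).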