azbil

Japanese

English

GO to the azbil Global Site

The photo of a boy and his father who are looking at the screen of pc. Products Company Research In The Media Contact

 

 

NBTdeputy


NBTdeputy register a NetBIOS computer name on the network and is ready to respond to NetBT name-query requests. NBTdeputy helps to resolve IP address from NetBIOS computer name. It's similar to Proxy ARP.


This tool works nicely with SMBRelay. For example, SMBRelay runs on a computer as ANONYMOUS-ONE and the IP address is 192.168.1.10 and NBTdeputy is also ran and 192.168.1.10 is specified. SMBRelay may connect to any XP or .NET 2003 Server when the logon users access "My Network Places". See this.

Precondition:

  1. NBTdeputy uses port 137 and 138 so NetBIOS over TCP/IP must be disabled.
  2. NBTdeputy does not check for existing computer names. Must specify a unique computer name on LAN.
  3. NBTdeputy does not become Master Browser. Must specify an existing Workgroup on LAN.
  4. NBTdeputy must exists on the same LAN as the targeted XP and .Net 2003 Server machines.

Test Conditions on NBTdeputy and SMBRelay version 0.992:

  • Windows 2000 SP3 with NetBIOS over TCP/IP disabled and Direct SMB Hosting Service disabled (edit SMBDeviceEnabled in registry).
  • Add one other IP address (192.168.1.11) to the network interface for relay service using "Advanced TCP/IP Settings".
  • > smbrelay /r 192.168.1.11 /s anonymous-one
  • SMBRelay is not stable. If the session got disconnected, try the following command on the computer which uses the relay service of SMBRelay.
  • > net use \\192.168.1.11\ipc$ * /administrator
  • Press enter when asked for password.
  • See "Hacking Exposed Windows 2000" on how to use SMBRelay.

Postscript:

Imagine a server outside of the network segment that your computer is on. Every time you want to access the server, you need to manually enter the address of that machine. NBTdeputy can help by registering that server on your network segment. When you click "My Network Places", you can find the server on your list and access it just by double clicking the icon.

(Dec. 2002)

 


Added: Sep. 2004 (Updated: Nov. 2004)

  • A fake server of SMBRelay (/F option) isn't run well.
  • A Windows NT 4.0 machine start up as 192.168.1.11.
  • > smbrelay /s anonymous-one /t 192.168.1.11
  • To throw a fixed challenge using SMBRelay, add
    memcpy(pdialectselectheader+1, "\0\0\0\0\0\0\0\0", 8);
    just before
    printf("Challenge (%d bytes): ",
    pdialectselectheader->EncryptionKeyLen);


 

 



SecurityFriday TM

(C)Azbil SecurityFriday Co., Ltd. All rights reserved.