136 Chapter 6 ■ Enumeration of Services
Note that the ipc$ share is the IPC share.
To view the shares available on a particular system, after issuing the command to connect to the ipc$ share on the target system, issue the following command:
net view \\zelda
This command lists the shares on the system. Of course, if no other shared resources are available, nothing will be displayed.
Once an attacker has this list of shares, the next step is to connect to a share and view
the data. This is easy to do at this point by using the net use command:
net use s: \\zelda\(shared folder name)
You should now be able to view the contents of the folder by browsing the S: drive,
which is mapped in this example.
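From the defender's side, the sequence above (a session to ipc$ followed by connections to other shares) leaves a trail in the Windows Security log as event 5140, "A network share object was accessed." The following detection sketch is an added example, not part of the original text; the CSV export layout, the ten-minute window, and all sample hosts, users, and addresses are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data: a CSV export of Security event 5140 records.
# Column names follow the event's fields; every value is invented.
SAMPLE = r"""
TimeCreated,EventID,SubjectUserName,IpAddress,ShareName
2024-05-01T10:00:00,5140,ANONYMOUS LOGON,10.0.0.50,\\*\IPC$
2024-05-01T10:00:20,5140,ANONYMOUS LOGON,10.0.0.50,\\*\Public
2024-05-01T10:01:05,5140,ANONYMOUS LOGON,10.0.0.50,\\*\Backups
2024-05-01T10:02:00,5140,alice,10.0.0.21,\\*\IPC$
2024-05-01T10:02:03,5140,alice,10.0.0.21,\\*\Public
2024-05-01T11:30:00,5140,ANONYMOUS LOGON,10.0.0.77,\\*\IPC$
2024-05-01T12:15:00,5140,bob,10.0.0.77,\\*\Public
"""

def load_rows(text):
    """Parse the CSV export into a list of dicts, oldest record first."""
    rows = list(csv.DictReader(io.StringIO(text.strip())))
    return sorted(rows, key=lambda r: r["TimeCreated"])

def find_share_enumeration(rows, window=timedelta(minutes=10)):
    """Map source IP -> shares opened within `window` of an anonymous IPC$ connect."""
    ipc_seen = {}  # source IP -> time of its latest anonymous IPC$ connect
    hits = {}
    for r in rows:
        if r["EventID"] != "5140":
            continue
        when = datetime.fromisoformat(r["TimeCreated"])
        share = r["ShareName"].rsplit("\\", 1)[-1]  # "\\*\Public" -> "Public"
        src = r["IpAddress"]
        if share.upper() == "IPC$":
            # Only an unauthenticated IPC$ connect arms the detection.
            if r["SubjectUserName"].upper() == "ANONYMOUS LOGON":
                ipc_seen[src] = when
        elif src in ipc_seen and when - ipc_seen[src] <= window:
            hits.setdefault(src, []).append(share)
    return hits

if __name__ == "__main__":
    for src, shares in find_share_enumeration(load_rows(SAMPLE)).items():
        print(f"{src}: anonymous IPC$ session followed by access to {shares}")
```

Event 5140 is written only when the Audit File Share subcategory is enabled on the server being monitored.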
SuperScan
You used SuperScan earlier to do scanning, but this scanner is more than a one-trick pony
and can help you with your NetBIOS exploration. In addition to SuperScan’s documented
abilities to scan TCP and UDP ports, perform ping scans, and run whois and tracert, it
has a formidable suite of features designed to query a system and return useful information.
SuperScan offers a number of useful enumeration utilities designed for extracting information such as the following from a Windows-based host:
■ NetBIOS name table
■ NULL session
■ MAC addresses
■ Workstation type
■ Users
■ Groups
■ Remote procedure call (RPC) endpoint dump
■ Account policies
■ Shares
■ Domains
■ Logon sessions
■ Trusted domains
■ Services