forked from mubix/FakeNetBIOS
README_FakeNetbiosDGM.txt
--------------------------------------------------------------------------------
|                                                                              |
|                            FakeNetbiosDGM V. 0.91                            |
|                                                                              |
| Simulation of NetBIOS hosts (Windows-like) on NetBIOS Datagram Service (DGM) |
|                                                                              |
--------------------------------------------------------------------------------

Copyright © Patrick Chambet 2004-2005

DISCLAIMER
==========
This is provided as a simulation tool only for educational purposes
and testing by authorized individuals with permission to do so.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

INTRO
=====
FakeNetbiosDGM sends NetBIOS Datagram Service packets on UDP port 138 to simulate
Windows host broadcasts. It periodically sends NetBIOS announcements over the
network to simulate Windows computers.
It fools the Computer Browser services running on the LAN, and so on.
It can be used as a standalone tool or as a honeyd subsystem.
Note that it is an ACTIVE honeypot.

COMPILE
=======
- Note: the source code compiles on Win32 AND on Linux.
  Yes, it is on purpose. No, it isn't always easy.

USAGE
=====
Usage: FakeNetbiosDGM -d <destination_IP> [options]

IP options:
  -s [source IP]          Source IP address
                          -Note 1: your system must support raw IP
                          -Note 2: Windows XP SP2 & Windows 2003 with Windows
                                   Firewall enabled silently drop packets with
                                   spoofed source address...
  -u                      Do not use raw IP (Honeyd compatible) (default: off)
  -d [destination IP]     Broadcast IP address

NetBIOS options:
  -D [Domain/Workgroup]   Target Domain/Workgroup (default: WORKGROUP)
  -N [names prefix]       Host names prefix (default: HOST)
  -a [announcement]       Announcement type (default: 1)
                          1: Host, 2: Domain/Workgroup, 3: Local Master
  -n [host number]        Host number (default: 1)
  -c [comment]            Host description (default: "Windows XP Workstation")
  -f [file path]          Use a configuration file (default: none)

Misc. options:
  -t [time]               Time between successive packets in ms (default: 500)
  -T [time to wait]       Time before repeating same action in sec.
                          (Windows default: 720 [12 min])
  -H                      Activate Honeyd mode
  -v                      Verbose mode
  -h                      This text

EXAMPLES
========
FakeNetbiosDGM -s 192.168.0.1 -d 192.168.0.255 -D NTDOM -N ALLYOURBASE -n 100
               -t 1000 -T 120 -c "Windows XP Workstation" -v

FakeNetbiosDGM -d 192.168.0.255 -D MYDOMAIN -N MYCOMPUTER -c "" -v

FakeNetbiosDGM -d 192.168.0.255 -f FakeNetbiosDGM.ini -H

SOME SAMPLE USAGES
==================
- Honeypot/net tool
    - Can simulate a huge LAN with one computer only
    - Can use a configuration file

- Messing tool...
    - Announce thousands of computers (up to 100 000 computers can appear
      in Windows "Network Places" GUI !)
    - Announce yourself as the DC, the file server, etc.
      -> man in the middle attacks
    - Release real NetBIOS services (DC, Computer Browser, IIS, etc.)
    - Etc. (you can have some imagination here: think about NetBIOS as
      an ARP-like protocol over UDP)
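
Seen from the monitoring side, the mass announcements listed above show up as one sender advertising many different NetBIOS source names on UDP 138. The sketch below is an added example, not part of FakeNetbiosDGM or its source: it decodes the RFC 1001/1002 first-level encoded source name of each datagram and flags senders that exceed a name count within a time window. The function names, the `window` and `max_names` thresholds and the sample traffic are assumptions made for illustration; only unscoped names are handled, and the sensor is assumed to see all of a sender's announcements under one source address.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding (used here only to build the samples)."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    half = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + half + b"\x00"

def decode_name(buf, off):
    """Decode the unscoped 32-byte encoded name at off -> (name, suffix)."""
    if len(buf) < off + 34 or buf[off] != 0x20 or buf[off + 33] != 0x00:
        raise ValueError("not an unscoped first-level encoded name")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("invalid nibble character")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def source_name(payload):
    """Source name from a UDP/138 payload (14-byte RFC 1002 header first)."""
    if len(payload) < 14 or payload[0] not in (0x10, 0x11, 0x12):
        raise ValueError("not a direct or broadcast NetBIOS datagram")
    return decode_name(payload, 14)[0]

def flag_announcers(packets, window=60.0, max_names=5):
    """packets: (time_s, observed_src_ip, udp_payload). Returns {ip: peak}."""
    seen, flagged = defaultdict(list), {}
    for ts, ip, payload in sorted(packets, key=lambda p: p[0]):
        try:
            name = source_name(payload)
        except ValueError:
            continue  # ignore anything that is not a parsable datagram
        seen[ip] = [(t, n) for t, n in seen[ip] if ts - t <= window]
        seen[ip].append((ts, name))
        distinct = len({n for _, n in seen[ip]})
        if distinct > max_names:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def sample_dgm(name):
    """Constructed direct-group datagram: header, source name, group name."""
    hdr = struct.pack("!BBH4sHHH", 0x11, 0x02, 1, bytes(4), 138, 68, 0)
    return hdr + encode_name(name) + encode_name("WORKGROUP", 0x1D)

# Constructed traffic: HOST1..HOST20 every 0.5 s from one sender, plus one ordinary host.
SAMPLE = [(i * 0.5, "192.168.0.1", sample_dgm(f"HOST{i + 1}")) for i in range(20)]
SAMPLE += [(t, "192.168.0.20", sample_dgm("FILESRV")) for t in (0.0, 720.0)]
```

Calling `flag_announcers(SAMPLE)` reports only the sender that cycled through the numbered names; a host that re-announces its single name at the 12-minute interval stays below the threshold.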

TO DO
=====
- Add more Release types

WHO
===
Patrick Chambet <patrick@chambet.com>

Greetings to:
- Barzoc <barzoc@rstack.org>
- Francis Hauguet <francis.hauguet@eads.com>
- The French Honeynet Project (FHP) <http://www.frenchhoneynet.org>
- Rstack team <http://www.rstack.org>