How to make sure your file sharing is not shared to the Internet! (Or see if other people have file sharing enabled...)
This was all paraphrased from a deja.com posting. Credits do NOT belong to me.
Begin quote:
Portscan to see if port 139 is open. Use nbtstat -a to see if file sharing is enabled. look for a <20> in the second column. Next, try to view shares. If it\'s Win9x, they\'ll either (a) not have any shares available, (b) have shares w/ passwords or (c) have open shares. An NT machine can give you much more through enumeration. You can enumerate groups and usernames, the global password policy, etc, through a null session, if port 139 is open. From there you can then try to do brute force guessing of passwords for the usernames you collected. Using NetBIOS How to obtain unauthorized access to Win9x/NT systems by wintermute2k@yahoo.com For more background and additional resources, review NeonSurge\'s documents. Both documents are available from: http://packetstorm.securify.com/groups/rhino9/.
[Protecting yourself]
First, a note on protecting yourself...in order to deter someone from accessing your system remotely, disable file sharing. On Win9x systems, this means opening Control Panel -> Network -> File and Print Sharing...and removing the checks from both check boxes. For NT systems, simply disable the Server service via Control Panel -> Services. If you must provide shared resources via the Internet, then do so understanding the risks, and using strong passwords. An additional layer of protection can be added in several ways. For example, you can run NukeNabber on your system. This program listens for connections, and reports attempts to connect the ports it monitors. When running this program, be sure to modify the default configuration such that ONLY ports 135, 137, 138, and 139 are monitored. If you have some money to spend, you might consider other applications such as BlackICE (http://www.networkice.com/) and Signal9\'s Conseal firewall (http://www.signal9.com/). These applications will monitor inbound connections to your system, and report port scans and attempts to connect to your system. [snip]
The file sharing vulnerability revolves around the fact that by default, NetBIOS is bound to TCP/IP. By itself, NetBIOS is an non-routable protocol, which means that it\'s only supposed to work on the local subnet. However, by default, NetBIOS will be bound to TCP/IP, making it routable not only on the internal network, but over the Internet as well. The MSDN site listed in the \"[Tools and Sites]\" section is an excellent resource to become familiar with. You can use it to research just about anything relating to Microsoft operating systems and applications. For example, for Win9x users, the following KnowledgeBase (KB) articles are of interest: Q178729: How to configure Win95 to dial into a RAS/RRAS server http://support.microsoft.com/support/kb/articles/q178/7/29.asp Q145843: How to connect to a remote server http://support.microsoft.com/support/kb/articles/q145/8/43.asp Q183368: Requirements to browse network with dial-up networking http://support.microsoft.com/support/kb/articles/q183/3/68.asp It would probably be a very good idea to review these before you get started on any of the commands in this document.
**This information is taken from a Guide To (mostly) Harmless Hacking that I wrote a while back: http://www.happyhacker.org/crack295.htm This Guide will take you through the steps, in some detail, of setting things up on your system.
End Quote