NETBIOS Name Service

NETBIOS Name Service (NBNS) is a service that maps NetBIOS computer names and network addresses for LANs. This is used for name resolution and re

NetBIOS is not a networking protocol but an API.

LLMNR

Link-Local Multicast Name Resolution (LLMNR) provides name resolution where there is no DNS server. It sends a multicast packet on port UDP 5355.

Attack

When there is no DNS server on the LAN a computer will send a NBNS and/or LLMNR request. This request is broadcast to the whole subnet.

A NBNS and LLMNR Spoofing attack takes advantage of the request and posing as the requested service. This sets the attacker to capture the traffic intended for the original server. In the case of services that require authentication, the server will send a challenge for the victim's host. The host will respond with the response with the password. This response is hashed and allows the attacker to perform offline password cracking.