NBT-NS
Just like DNS, the NBT-NS (NetBIOS Name Service) protocol is used to translate names to IP addresses. By default, it's used as a fallback in AD-DS.
The tools nbtscan and nmblookup can be used for reverse lookup (IP addresses to NetBIOS names).
```bash
# Name lookup on a range
nbtscan -r $SUBNET/$MASK

# Find names and workgroup from an IP address
nmblookup -A $IPAddress
```
Some NBT-NS recon can be carried out with the enum4linux tool (see this page).
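To show what the reverse lookup above returns, the following added example (not from the original page or from the nbtscan or nmblookup projects) parses the name table of a NetBIOS node status response as laid out in RFC 1002. The sample packet is constructed, with a hypothetical host WS01 and workgroup CORP, and the parser assumes a single-label answer name with no scope ID or name compression.

```python
import struct

NBSTAT = 0x0021       # RR type of a node status response (RFC 1002)
GROUP_FLAG = 0x8000   # G bit of NAME_FLAGS: group name rather than unique name

def make_entry(name, suffix, flags):
    """Build one 18-byte name table entry: 15-char name, suffix byte, flags."""
    return name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", flags)

# Constructed sample response (not captured traffic): hypothetical host WS01, workgroup CORP.
SAMPLE = (
    struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0)   # header: response flag set, one answer
    + b"\x20CK" + b"A" * 30 + b"\x00"                # RR_NAME: encoded wildcard name "*"
    + struct.pack(">HHIH", NBSTAT, 0x0001, 0, 1 + 3 * 18 + 46)
    + bytes([3])                                     # NUM_NAMES
    + make_entry("WS01", 0x00, 0x0400)               # unique <00>: workstation name
    + make_entry("CORP", 0x00, 0x8400)               # group <00>: workgroup or domain
    + make_entry("WS01", 0x20, 0x0400)               # unique <20>: file server service
    + bytes(46)                                      # statistics field, zeroed here
)

def parse_node_status(packet):
    """Return [(name, suffix, is_group), ...] from a node status response."""
    try:
        _tid, flags, _qd, ancount, _ns, _ar = struct.unpack_from(">6H", packet, 0)
        off = 12 + 1 + packet[12] + 1                # header, then length + label + terminator
        rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", packet, off)
        count = packet[off + 10]
    except (struct.error, IndexError):
        raise ValueError("truncated packet") from None
    if not flags & 0x8000 or ancount != 1 or rtype != NBSTAT:
        raise ValueError("not a node status response")
    off += 11
    if 1 + count * 18 > rdlen or off + count * 18 > len(packet):
        raise ValueError("name table exceeds packet")
    names = []
    for i in range(count):
        raw, nflags = struct.unpack_from(">16sH", packet, off + i * 18)
        name = raw[:15].decode("ascii", "replace").rstrip(" \x00")
        names.append((name, raw[15], bool(nflags & GROUP_FLAG)))
    return names

def render(names):
    """Format entries as NAME <suffix> with a <GROUP> marker for group names."""
    return [f"{n:<15} <{s:02x}>" + (" <GROUP>" if g else "") for n, s, g in names]

if __name__ == "__main__":
    print("\n".join(render(parse_node_status(SAMPLE))))
```

The 16th byte of each name is the suffix that identifies the registered service, and the group flag separates workgroup or domain names from the host's own unique names.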