The Net View Command

Now let's have some serious fun. Netscape (or any browser or ftp program) uses TCP/IP to connect. What happens if we use NetBIOS instead to try to download files from Oldguy's ftp server?

Let's try some more NetBIOS commands:

C:\>net view \\10.0.0.2
System error 53 has occurred.

The network path was not found.

I got this message because my firewall blocked access to Oldguy, giving the message:

The firewall has blocked Internet access to 10.0.0.2 (TCP Port 445) from your computer [TCP Flags: S].

There's a good reason for this. My firewall/IDS is trying to keep me from carelessly making my computer a part of some stranger's LAN. Keep in mind that NetBIOS is a two-way street. However, I want to run this command, so I shut down ZoneAlarm and give the command again:

C:\>net view \\10.0.0.2
Shared resources at \\10.0.0.2

Share name Type Used as Comment

--------------------------------------------------------
ftproot Disk
InetPub Disk
wwwroot Disk
The command completed successfully.

This is a list of shared directories. Oooh, look at that, the ftp server is shared. Does this mean I can get in? When a share is set up on a Windows NT server, the default choice gives everyone permission to read, write and delete files. So sometimes a sysadmin carelessly fails to restrict access to a share.

What is really important is that we didn't need a user name or password to get this potentially compromising information.

Let's establish an anonymous connection to Oldguy, meaning we connect without giving it a user name or password:

C:\>net use \\10.0.0.2\ipc$
Local name
Remote name \\10.0.0.2\IPC$
Resource type IPC
Status OK
# Opens 0
# Connections 1
The command completed successfully.

We are connected!



Newbie note: IPC (ipc$) stands for "Inter Process Connector", used to set up connections across a network between Windows computers using NetBIOS.
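From the side of whoever runs a machine like Oldguy, the anonymous IPC$ connection shown above leaves a trace in the Security log on current Windows versions. The following is an added example, not part of the original guide: it pairs an anonymous network logon (event 4624, logon type 3) with an anonymous share access (event 5140) from the same address. It assumes the events were already exported into dicts using the event XML field names, that "Audit File Share" is enabled so 5140 is logged, and that Time is in seconds; the sample records are constructed.

```python
from collections import defaultdict

ANON = "ANONYMOUS LOGON"

# Constructed sample events (not taken from a real host).
# 4624 = account logged on, 5140 = network share object accessed.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "ANONYMOUS LOGON", "LogonType": 3,
     "IpAddress": "10.0.0.9", "Time": 100},
    {"EventID": 5140, "SubjectUserName": "ANONYMOUS LOGON",
     "ShareName": r"\\*\IPC$", "IpAddress": "10.0.0.9", "Time": 101},
    {"EventID": 4624, "TargetUserName": "alice", "LogonType": 3,
     "IpAddress": "10.0.0.7", "Time": 110},
    {"EventID": 5140, "SubjectUserName": "alice",
     "ShareName": r"\\*\wwwroot", "IpAddress": "10.0.0.7", "Time": 111},
    # Anonymous logon with no share access afterwards: not reported.
    {"EventID": 4624, "TargetUserName": "ANONYMOUS LOGON", "LogonType": 3,
     "IpAddress": "10.0.0.12", "Time": 120},
]


def find_null_sessions(events, window=60):
    """Return {source_ip: [share, ...]} for anonymous network logons that are
    followed within `window` seconds by an anonymous share access."""
    last_anon_logon = {}        # source IP -> time of latest anonymous type-3 logon
    hits = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["Time"]):
        ip = ev.get("IpAddress")
        if ev["EventID"] == 4624:
            if (ev.get("TargetUserName", "").upper() == ANON
                    and ev.get("LogonType") == 3):
                last_anon_logon[ip] = ev["Time"]
        elif ev["EventID"] == 5140:
            if ev.get("SubjectUserName", "").upper() != ANON:
                continue        # authenticated access, out of scope here
            seen = last_anon_logon.get(ip)
            if seen is not None and ev["Time"] - seen <= window:
                # ShareName looks like \\*\IPC$; keep the last path component.
                hits[ip].add(ev["ShareName"].rsplit("\\", 1)[-1].upper())
    return {ip: sorted(shares) for ip, shares in hits.items()}


if __name__ == "__main__":
    for ip, shares in find_null_sessions(SAMPLE_EVENTS).items():
        print(f"null session from {ip}: {', '.join(shares)}")
```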

What to Do Once You Are Connected

So far we haven't quite been breaking the law, although we have been getting pretty rude if the owner of that target computer hasn't given us permission to explore. What if we want to stop pushing our luck and decide to disconnect? Just give the command:

C:\>net session \\10.0.0.2 /delete

Of course you would substitute the name or number of the computer to which you are connected for 10.0.0.2.

What if you want to stay connected? Oldguy will let you stay connected even if you do nothing more. By contrast, a login to a Unix/Linux type computer will normally time out and disconnect you if you go too long without doing anything.
