In the last month's game, a classic ms08-067 loophole was encountered, which was a classic textbook loophole. However, it is limited to using Metasploit to exploit this vulnerability. Now I want to write something about the 139 and 445 ports briefly.
The first mention is that Netbios,netbios is the abbreviation for the network Basic Input/output system and provides a feature that allows different computers within the LAN to communicate. Strictly speaking, NetBIOS is a set of APIs, not a network protocol.
Today, the network protocol stack that we use is the TCP/IP stack, on the Windows operating system, NetBIOS runs on the NetBIOS over TCP/IP protocol, NetBIOS over TCP/IP (NBT or NetBT) is a network protocol, Allows applications that previously used the NetBIOS API to be in a modern TCP/IP network. Such as:
Besides, SMB,SMB is the abbreviation of server Message block, as an application layer protocol, which mainly provides the functions of file sharing, file printing and interprocess communication in a network, and now the use of SMB is mainly in Windows system.
The SMB protocol is a network layer protocol that runs on the session layer and operates in two ways, the first through the NetBIOS API, such as:
Uses UDP 137 and 138 ports and TCP 137 and 139 ports.
The second is to run directly above the TCP and UDP protocols, using 445 ports, which can be referred to as "direct hosting of SMB over TCP/IP".
To summarize, file printing, file sharing, and so on on Windows hosts are implemented through the SMB protocol, and SMB runs on 139 and 445 ports in two ways. We can use the means to make SMB run only in the second way, not through the NetBIOS API. Local connection Properties àInternet Protocol version 4 property à advanced àWINSà disables NetBIOS on TCP/IP. This way, SMB runs on only 445 ports.
When disabled :
about Windows 139 and 445 ports