NetBIOS Name resolver

• Previous message: Louis Solomon [SteelBytes]: "Re: Norton Internet Security 2003 blacklist fault?"
• Next in thread: Alun Jones: "Re: NetBIOS Name resolver"
• Reply: Alun Jones: "Re: NetBIOS Name resolver"
• Reply: Brian Depew: "Windows 2000 server issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Fri, 12 Sep 2003 00:06:55 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Those of you on dynamically addressed networks may be having a little bit
of a headache in taking the contents of the vulnerable.log file generated
by Microsoft's scan tools for MS03-026 and MS03-039. The log is very
useful, but since it's contents are the IP addresses only, you may be
spending quite a bit of time at the console running nbtstat -a to reverse
resolve those addresses to NetBIOS names for your technicians in their
task of manually patching recalcitrant hosts.

To meet the need, I've tossed together a small VBScript, to be run by
cscript.exe, and made it available at
http://www.mousetrax.com/Downloads.html#NetBIOSNameResolver

The download is a 3k zip file containing GetNetBIOSName.vbs and readme.txt

Usage is simple and so is the job. So here's a simple tool for the job if
you need it.

To save a little of your online time, I've included the contents of
readme.txt below my signature.

Thanks for your patience!

Greg Chapman
http://www.mousetrax.com
"Counting in binary is as easy as 01, 10, 11!
With thinking this clear, is coding really a good idea?"

-----------------------------------------------------------------------
GetNetBIOSName.vbs
Author: Greg Chapman
Contact: greg@mousetrax.com
Web: http://www.mousetrax.com

-----------------------------------------------------------------------
What's it for?
-----------------------------------------------------------------------
GetNetBIOSName.vbs is a tool for taking lists of IP Addresses and
resolving those addresses to Windows NetBIOS names. It is designed
to accurately parse the lists of vulnerable machines produced by the
scan tools offered by Microsoft to help administrators identify
network hosts in need of a security update patch.

-----------------------------------------------------------------------
How do I use it?
-----------------------------------------------------------------------
There are two ways to use this pup. On a system that has VBS files
associated with the Windows Script Host, you can drag and drop your list
of addresses directly on the script. The script will accept that file
as an argument and process the IP Addresses, one at a time.

Or, you can open a command Console, change to the directory containing
GetNetBIOSName.vbs and pass, as an argument, the path and file name of
your list.

For Example:
GetNetBIOSName.vbs "c:\vulnerable systems\vulnerable.log"

Will pass the file, c:\vulnerable systems\vulnerable.log, to the script.

-----------------------------------------------------------------------
Does it take any other arguments, say a single IP Address?
-----------------------------------------------------------------------
No, it doesn't. See, all you gotta do for one address is the same thing
GetNetBIOSName.vbs does for all the addresses in the list:
nbtstat -a <IP Address>

Simple, eh?

Yes, it might be useful to be able to specify a bit mask, say
192.168.0.0/16. Yep, that would be cool. Might get around to writing
that bit of logic one day.

For the meantime, this will have to do.

-----------------------------------------------------------------------
Is there a specific format for the IP list to have?
-----------------------------------------------------------------------
Oh, absolutely! The list of addresses must be arranged with one IP
Address per line, like this:

192.168.0.1
192.168.0.3
192.168.0.243

Any other arrangement will simply cause some sort of odd failure. No,
it won't be a damaging result. The result will merely be useless
beyond anything but entertainment.

-----------------------------------------------------------------------
Anything else I should know?
-----------------------------------------------------------------------
Only these points:
- NetBIOSNames.log will be created in the same folder in which the
script resides.

- NetBIOSNames.log contains output that is truly Comma Separated Value
format. In other words, the output in the file will look something like
this:

"192.168.0.152","KIDS01","MAC Address = 00-20-ED-5B-98-8E"
"192.168.0.159","POPPAS01","MAC Address = 00-E0-29-27-17-57"

- Instead of consuming your machine and network, the script will only
resolve one of the machines in the list at a time.

- Please, if you pass the script along, pass this readme file with it.
Not that I'm picky, but I'd prefer to get credit where it's due.

- If, instead of credit, you think I'm due some criticism, hold that
thought...to yourself! It's a tool, I wrote it, and I'm not
responsible for what you do with it. Got yourself fired for scanning
your network without talking to your network admin? Well, that's
YOUR fault, right? The script is well mannered, but this is software
and getting the results does mean you make some racket on your
network.

----
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available.  And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to
http://www.trusecure.com/offer/s0100/
----

• Previous message: Louis Solomon [SteelBytes]: "Re: Norton Internet Security 2003 blacklist fault?"
• Next in thread: Alun Jones: "Re: NetBIOS Name resolver"
• Reply: Alun Jones: "Re: NetBIOS Name resolver"
• Reply: Brian Depew: "Windows 2000 server issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]