netbios-disabled: NetBIOS Disabled

日期: 2025-08-01 | 影响软件: NetBIOS | POC: 已公开

漏洞描述

Determine if NetBIOS over TCP/IP is disabled on all network adapters.

PoC代码[已公开]

id: netbios-disabled

info:
  name: NetBIOS Disabled
  author: princechaddha
  severity: medium
  description: Determine if NetBIOS over TCP/IP is disabled on all network adapters.
  impact: |
    Enabling NetBIOS can expose systems to network-related attacks such as traffic interception and spoofing.
  remediation: |
    Disable NetBIOS on all network adapters to mitigate potential security risks.
  tags: windows,netbios,network,security,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $netbiosStatus = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_."TCP/IPNetBIOSOptions" -ne 2 }
      if ($netbiosStatus) {"NetBIOS is misconfigured or enabled"} else {"NetBIOS is correctly disabled"}

    matchers:
      - type: word
        words:
          - "NetBIOS is misconfigured or enabled"
# digest: 4b0a00483046022100e85ea6c57f3fa56e4736caaaf47eb109b51ee0978b66cc95ba1ab671560af6cc022100ffcdeb9d0c8013bea7ebdb1cd2a83b1f0224854dfa78c19017a6c5270b12f646:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/windows/audit/netbios-disabled.yaml