312-50V10 · Question #629
Why would an attacker want to perform a scan on port 137?
The correct answer is D. To discover information about a target host using NBTSTAT. Port 137 (NetBIOS Name Service) is scanned to enumerate information about a Windows target, equivalent to what the nbtstat command retrieves.
Question
Why would an attacker want to perform a scan on port 137?
Options
- ATo discover proxy servers on a network
- BTo disrupt the NetBIOS SMB service on the target host
- CTo check for file and print sharing on Windows systems
- DTo discover information about a target host using NBTSTAT
How the community answered
(41 responses)- A7% (3)
- B2% (1)
- C2% (1)
- D88% (36)
Why each option
Port 137 (NetBIOS Name Service) is scanned to enumerate information about a Windows target, equivalent to what the nbtstat command retrieves.
Proxy servers operate on ports such as 8080, 3128, or 1080; port 137 is dedicated exclusively to NetBIOS Name Service and does not indicate the presence of a proxy.
Disrupting the NetBIOS SMB service describes a denial-of-service objective, whereas scanning port 137 is a reconnaissance activity aimed at information gathering, not service disruption.
File and print sharing on Windows uses port 445 (SMB direct over TCP) and port 139 (NetBIOS Session Service); port 137 handles only name resolution, not file or print sharing traffic.
Port 137 (UDP and TCP) hosts the NetBIOS Name Service, and querying it allows an attacker to retrieve the target's NetBIOS name table - including the computer name, logged-on users, domain or workgroup membership, and MAC address - mirroring the output of the Windows nbtstat command. This passive reconnaissance provides valuable mapping data that attackers use to identify roles, users, and network structure before launching further attacks.
Concept tested: NetBIOS Name Service port 137 reconnaissance via NBTSTAT
Source: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat
Topics
Community Discussion
No community discussion yet for this question.