Initial commit

Author: RcoIl

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

README.md

@@ -0,0 +1,2 @@
+# SharpNBTScan
+ 

SharpNBTScan.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30413.136
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpNBTScan", "SharpNBTScan\SharpNBTScan.csproj", "{A129DAFB-020A-4F0C-8D79-7B3C47E437A3}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{A129DAFB-020A-4F0C-8D79-7B3C47E437A3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A129DAFB-020A-4F0C-8D79-7B3C47E437A3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A129DAFB-020A-4F0C-8D79-7B3C47E437A3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A129DAFB-020A-4F0C-8D79-7B3C47E437A3}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {79728E1F-311D-4CE1-88BE-9A1BC3B1C81D}
+	EndGlobalSection
+EndGlobal

SharpNBTScan/Program.cs

@@ -0,0 +1,156 @@
+using System;
+using System.Net;
+using System.Linq;
+using System.Text;
+using System.Net.Sockets;
+using System.Collections;
+using System.Globalization;
+
+namespace SharpNBTScan
+{
+    class Program
+    {
+        private static byte[] nbtstat = new byte[] {
+            0xee, 0x33, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x20, 0x43, 0x4b, 0x41,
+            0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+            0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+            0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+            0x41, 0x41, 0x41, 0x41, 0x41, 0x00, 0x00, 0x21,
+            0x00, 0x01 
+            };
+
+        /// <summary>
+        /// 16 进制转 byte[] 数组
+        /// </summary>
+        private static byte[] Hex2Byte(String hexContent)
+        {
+            // 需要将 hex 转换成 byte 数组。 
+            byte[] bytes = new byte[hexContent.Length / 2];
+            for (int i = 0; i < bytes.Length; i++)
+            {
+                // 每两个字符是一个 byte。 
+                bytes[i] = byte.Parse(hexContent.Substring(i * 2, 2), NumberStyles.HexNumber);
+            }
+            return bytes;
+        }
+
+        private static string Conversion(String SourceString, int left, int right)
+        {
+            return Encoding.Default.GetString(Hex2Byte(SourceString.Substring(left, right)));
+        }
+
+        /// <summary>
+        /// 以固定长度拆分字符串
+        /// </summary>
+        private static ArrayList SplitLength(string SourceString, int Length)
+        {
+            ArrayList list = new ArrayList();
+            for (int i = 0; i < SourceString.Trim().Length; i += Length)
+            {
+                if ((SourceString.Trim().Length - i) >= Length)
+                    list.Add(SourceString.Trim().Substring(i, Length));
+                else
+                    list.Add(SourceString.Trim().Substring(i, SourceString.Trim().Length - i));
+            }
+            return list;
+        }
+
+        /// <summary>
+        /// 主功能函数
+        /// </summary>
+        private static void DetectionNBTscan(String host)
+        {
+            String response = String.Empty;
+
+            IPAddress ipAddress = IPAddress.Parse(host);
+            IPEndPoint remoteEP = new IPEndPoint(ipAddress, 137);
+
+            response = String.Format("\n[*] Detecting Remote Computer of {0}\n", host);
+            try
+            {
+                byte[] response_v0 = new byte[1024];
+                using (var sock = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp))
+                {
+                    sock.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReceiveTimeout, 3000);
+                    sock.Connect(remoteEP);
+
+                    sock.Send(nbtstat);
+                    sock.Receive(response_v0);
+                }
+
+                string NumberName = Convert.ToString(response_v0[56], 10);
+
+                response += String.Format("  [+] Data length: {0}\n  [+] Number of Names: {1}", Convert.ToString(response_v0[55], 10), NumberName);
+
+
+                // 开始处理数据内容(这种解析方式属于取巧，不耐用)：每个 Name 都是 18 个字节数组，如果转为 String 则为 36 个字符
+                string[] response_v1 = BitConverter.ToString(response_v0.Skip(57).ToArray()).Replace("-", "").Split(new String[] { "00000000" }, StringSplitOptions.RemoveEmptyEntries);
+                ArrayList strList = SplitLength(response_v1[0], 36);
+                foreach (string str in strList)
+                {
+                    String Flags = str.Substring(str.Length - 6, 2);
+                    String NameFlags = str.Substring(str.Length - 4);
+
+                    if (Flags == "00" && NameFlags == "0400")
+                    {
+                        response += String.Format("\n    [>] Name type: Unique name -> (Workstation/Redirector) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (Flags == "00" && NameFlags == "8400")
+                    {
+                        response += String.Format("\n    [>] Name type: Group name -> (Workstation/Redirector) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (Flags == "1C" && NameFlags == "8400")
+                    {
+                        response += String.Format("\n    [>] Name type: Group name -> (Domain Controllers) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (Flags == "20" && NameFlags == "0400")
+                    {
+                        response += String.Format("\n    [>] Name type: Unique name -> (Server service) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (Flags == "1B" && NameFlags == "0400")
+                    {
+                        response += String.Format("\n    [>] Name type: Unique name -> (Domain Master Browser) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (Flags == "1E" && NameFlags == "8400")
+                    {
+                        response += String.Format("\n    [>] Name type: Group name -> (Browser Election Service) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (Flags == "1D" && NameFlags == "0400")
+                    {
+                        response += String.Format("\n    [>] Name type: Unique name -> (Local Master Browser) -> Name: {0}<{1}>", Conversion(str, 0, 30), Flags);
+                    }
+                    else if (str.Substring(0, 4) == "0102" && NameFlags == "8400")
+                    {
+                        response += String.Format("\n    [>] Name type: Unique name -> (Browser) -> Name: {0}<{1}>", Conversion(str, 4, 25), Flags);
+                    }
+                    else if (str.Length == 12)
+                    {
+                        String uintid = String.Empty;
+                        for (int i = 0; i < str.Length / 2; i++)
+                        {
+                            uintid += str.Substring(i * 2, 2) + "-";
+                        }
+                        response += String.Format("\n    [>] Uint ID(MAC Address): {0}", uintid.Substring(0, uintid.LastIndexOf('-')));
+                    }
+                }
+
+                Console.WriteLine(response);
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine("[!] Error: {0}", ex.Message);
+            }
+        }
+
+        static void Main(string[] args)
+        {
+
+            string host = args[0];
+            /*
+             * 多线程（线程池）处理
+             */
+            DetectionNBTscan(host);
+        }
+    }
+}

SharpNBTScan/Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("SharpNBTScan")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("SharpNBTScan")]
+[assembly: AssemblyCopyright("Copyright ©  2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a129dafb-020a-4f0c-8d79-7b3c47e437a3")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

SharpNBTScan/SharpNBTScan.csproj

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{A129DAFB-020A-4F0C-8D79-7B3C47E437A3}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>SharpNBTScan</RootNamespace>
+    <AssemblyName>SharpNBTScan</AssemblyName>
+    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <Deterministic>true</Deterministic>
+    <TargetFrameworkProfile />
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Net" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="app.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

SharpNBTScan/app.config

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>