Anyone with a NetBIOS connection to your computer can easily get a full dump of all your user names, groups, shares, permissions, policies, services, and more using the null user.
The attacker now has a channel over which to attempt various techniques. The CIFS/SMB and NetBIOS standards in Windows 2000 include APIs that return rich information about a machine via TCP port 139—even to unauthenticated users. This works on Windows 2000/XP systems, but not on Win 2003
The following syntax connects to the hidden Inter Process Communication 'share' (IPC$) at IP address 126.96.36.199 with the built-in anonymous user (/u:'''') with a ('''') null password
DumpSec reveals shares over a null session with the target computer. It allows users to remotely connect to any computer and dump permissions, audit settings, and ownership for the Windows NT/2000 file system. Hackers can choose to dump either NTFS or share permissions. It can also dump permissions for printers and the registry
http:// www.inetcat.org/software/nbtscan.html . NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address. NBTscan uses port 137 UDP for sending queries.