NBTSTAT Command

The NBTSTAT command is a wonderful little tool that can expose sensitive information about your NT systems and Windows networks. This command will reveal your domain name and your server's NetBIOS name, and in some cases even user names and service accounts. Additionally, if the NT system is running IIS services, that is revealed too, along with the IIS anonymous user account.

This command works against all forms of Windows running TCP/IP. See the sample output from an NT system below:

NetBIOS Remote Machine Name Table

Name               Type         Status
---------------------------------------------
MPG            <20>  UNIQUE      Registered
MAGGIE         <00>  GROUP       Registered
MAGGIE         <1C>  GROUP       Registered
MAGGIE         <1B>  UNIQUE      Registered
MAGGIE         <1E>  GROUP       Registered
MPG            <03>  UNIQUE      Registered
MAGGIE         <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
INet~Services  <1C>  GROUP       Registered
IS~MPG.........<00>  UNIQUE      Registered
MPG            <01>  UNIQUE      Registered

MAC Address = 00-C0-F0-0C-76-EF
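
To audit what one of your own hosts discloses, the name table can be decoded with the standard NetBIOS suffix meanings (the <03> records carry the computer name and, when registered, the logged-on user name). This is an added example, not part of the original page: the function names and the suffix table are supplied here, and the input is a subset of the sample output above.

```python
import re
# Standard NetBIOS suffix meanings, keyed by (suffix, record type).
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service", ("00", "GROUP"): "Domain name",
    ("03", "UNIQUE"): "Messenger service", ("20", "UNIQUE"): "File server service",
    ("1B", "UNIQUE"): "Domain master browser", ("1C", "GROUP"): "Domain controllers",
    ("1D", "UNIQUE"): "Master browser", ("1E", "GROUP"): "Browser service elections",
    ("01", "GROUP"): "Master browser marker",
}
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+\S+\s*$")
MAC = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

def describe(name, suffix, kind):
    # IIS registers two special names; check them before the generic table.
    if (name, suffix) == ("INet~Services", "1C") or (name.startswith("IS~") and suffix == "00"):
        return "IIS"
    return SUFFIXES.get((suffix, kind), "Unknown")

def parse_name_table(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # Non-printable padding is rendered as trailing dots; strip it.
            name, suffix, kind = m.group(1).rstrip(". "), m.group(2).upper(), m.group(3)
            rows.append((name, suffix, kind, describe(name, suffix, kind)))
    return rows

def exposure_summary(text):
    rows, mac = parse_name_table(text), MAC.search(text)
    return {
        "domain": sorted({n for n, s, k, _ in rows if (s, k) == ("00", "GROUP")}),
        "names": sorted({n for n, s, k, _ in rows if s == "03"}),
        "iis": any(d == "IIS" for *_, d in rows),
        "mac": mac.group(1) if mac else None,
    }

# Rows copied from the sample output on this page (a subset, to keep this short).
SAMPLE = """\
MPG <20> UNIQUE Registered
MAGGIE <00> GROUP Registered
MPG <03> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
INet~Services <1C> GROUP Registered
IS~MPG.........<00> UNIQUE Registered
MAC Address = 00-C0-F0-0C-76-EF
"""
if __name__ == "__main__":
    print(exposure_summary(SAMPLE))
```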