Home page logo
/

basics logo Security Basics mailing list archives

Re: About default sharing folders in Windows
From: vh <vhlist () yandex ru>
Date: Tue, 27 May 2003 23:48:15 +0400

sken> if i've just installed WINDOWS 2000 OS w/ default setting, how hacker can
sken> access my sharing folders and what hacker can do?

If you have no firewalls and NetBIOS was not blocked otherwise,
I belive a hacker may use command like this one to map your drive C:
as a local M:

net use M: \\your_computer\C$ password /USER:your_login

Of cause he will need to guess your password in order to perform such
a task. IMHO, on default NT installation guessing a login is not a problem.
Logins may be obtained through NULL-sessions die to IPC$ share opened for
everyone. Since the password was guessed, hacker would have
permissions like a user the account belong to.

To disable default shares, edit registry as follows:

In key HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Create or edit AutoShareWks or AutoShareServer (for server) value and
set it with REG_DWORD 0


To disable IPC$ share, go to key

HKLM\SYSTEM\CurrentControlSet\Control\LSA

And create or modify REG-DWORD value RestrictAnonymous
You'd better set it to 1. This will not disable null-sessions, but
prevent anonymous users from gathering sensitive information like user
accounts etc. The value 2 is completely disable NULL, but it may cause
problems in connections with none-Microsoft software and older MS
versions (FYI see Q246261).

Hope this helps.

-- 
Best regards,
 Martchukov Anton aka VH                      mailto:vhlist () yandex ru


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault