An admin of a W2K box can take ownership of any folder/share and then
grant themselves the permissions they need to access it. So the below
mentioned suggestion is easily circumvented.

If you have a share that you want to hide, use a "$" sign after the share
name to create a "hidden" share. Of course this will hide the share
from your end users; however, if you map the drive for them AND they have
the proper permissions, they can use it.

Now of course if the admins go poking around in EXPLORER, they'll
eventually find the folder with the little share icon on it. So they
can still access the share if they can find it. If they want a more
direct route, they can open compmgmt.msc (the Computer Management Snap-in)
and just view any and all shares right there; this includes hidden shares.

In short, if you bury the shared folder deep in the file system and give
it a name like "SHARE$" w/o quotes then you can hide it from someone not
looking for a share. But if they really want to know what is being
shared, an Admin can EASILY find it.

-jmb
-----Original Message-----
From: dallas jordan [mailto:dallas.jordan_at_gmail.com]
Sent: Friday, May 06, 2005 10:48 AM
To: indianz_at_indianz.ch
Cc: security-basics_at_securityfocus.com
Subject: Re: Windows Share Problem
Create the folder and then go to the properties of the folder and share
it. Then go to the tab that says Security and add the users that need
access to it and give them the needed permissions. Don't add the admin
as a user or give them any permissions. Does that make any sense?
On 5/6/05, indianz_at_indianz.ch <indianz_at_indianz.ch> wrote:
> Hi List
>
> Is it possible, in a win2K-Environment (nt4-compatibility-mode is on)
> without active-directory or domain, to grant users a network share on
> the server which an admin (external it-company with remote access)
> cannot see or has access to?
>
> Thanx in advance.
>
> kind regards,
>
> IndianZ
>
--
Dallas Jordan CCNA, CISSP
Ernst & Young LLP
Security & Technology Solutions (STS)
E-mail: Dallas.Jordan_at_ey.com
Received on May 09 2005