Home page logo
/

basics logo Security Basics mailing list archives

Re: MS Windows Hidden Shares
From: Mohammad Ali Sarbanha <sarbanha () tkckish com>
Date: Tue, 28 Mar 2006 19:25:37 +0330

Jeff, Michael
   Thanks for the nice tool that you introduced, I'm going to test it.
To view the shares of a windows based PC, Win2k and later, it can be done using command prompt *net *command, here is an example with the result:

> *net share
*Share name   Resource                        Remark

-------------------------------------------------------------------------------
D$           D:\                             Default share
ADMIN$       C:\WINNT                        Remote Admin
C$           C:\                             Default share
IPC$                                         Remote IPC
The command completed successfully.


It's also possible to manage your PC shares or even remote PC, below you can find the command syntax:

*NET SHARE sharename
         sharename=drive:path [/USERS:number | /UNLIMITED]
                              [/REMARK:"text"]
                              [/CACHE:Manual | Automatic | No ]
         sharename [/USERS:number | /UNLIMITED]
                   [/REMARK:"text"]
                   [/CACHE:Manual | Automatic | No ]
         {sharename | devicename | drive:path} /DELETE*

By the way, we don't have always access to the 3rd party tools to do our job. In such cases, we should rely on native commands/tools of the OS.

Cheers,
Mohammad

Dunigan, Michael wrote:

Jeff,

        It depends on what you want to monitor in the hidden shares.  I
use a product called ServersAlive to monitor my servers and am very
happy with it.  (http://www.serversalive.com)  It has multiple checks
that can be done against Windows, NetWare, and *nix servers.  A small
selection might be things like free space on a disk resource, processor
utilization on a NetWare box, check for a running process on a Windows
box, etc.  You'll have to check the webpage to review the long list of
check available.

        There is a free version that has some limitations of output
types and a limit to the number of checks you can run, without
purchasing a license.  The limitations are very minor and if you have
modest requirements, you can run the free version forever without paying
anything, so it is a great way to see if it will work for you.  The
developer is a great resource to the product mail list, answering
questions and dealing with anything might come up.
        I have no financial interest in the product.  I am just a
satisfied customer.

Michael J. Dunigan
Office of the Registrar, University of Michigan
(734) 647-3633
MDunigan at umich dot edu
*************************************
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.


-----Original Message-----
From: Jeffrey Smith [mailto:jes1 () comcast net]
Sent: Friday, March 24, 2006 3:13 PM
To: security-basics () securityfocus com
Subject: RE: MS Windows Hidden Shares

Anyone know of a tool to monitor Microsoft's hidden shares and drives
($share (Admin$, c$, ipc$ ))?

Jeff



------------------------------------------------------------------------
--
-
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus

------------------------------------------------------------------------
--
-


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



--
Mohammad Ali Sarbanha
Senior IT Network Admin.
Telecommunication Kish Co.
Tel: (98) 764 4424144
Fax: (98) 764 4424169
Cell: (98) 934 769 3994
e-mail (official): sarbanha () tkckish com
e-mail (personal): sarbanha () yahoo com

Legal Disclaimer: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee and access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of this message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. If you have received this mail by mistake we request you to please contact the sender immediately.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault