Categories

Recent Comments

Share Permissions

Written by admin on 11 March 2009

Windows shares — the available network drives that show up when browsing the network in Network Neighborhood or My Network Places — are often misconfigured, allowing more people to have access to them than they should. This is a security vulnerability that can be exploited by the casual browser, but the implications of a hacker gaining unauthorized access to a Windows system can result in serious consequences, including the leakage of confidential information and even the deletion of critical files.

Windows defaults

The default share permission depends on the Windows system version.

Windows 2000/NT

When creating shares in Windows NT and 2000, the group Everyone is given Full Control access in the share by default for all files to

  1.  Browse files
  2.  Read files
  3.  Write files

Anyone who maps to the IPC$ connection with a null session (as described in the preceding section “Null Sessions”) is automatically made part of the Everyone group! This means that remote hackers can automatically gain browse, read, and write access to a Windows NT or 2000 server if they establish a null session. 

If share permissions are misconfigured, hackers on the Internet may gain access to these shares on an unprotected system and open, create, and delete files at will!

Windows 2003 Server

In Windows 2003 Server, the Everyone group is given only Read access to shares. This is definitely an improvement over the defaults in Windows 2000 and NT, but it’s not the best setting for the utmost security. You still may have situations where you don’t even want the Everyone group to have Read access to a share.

Testing

Assessing your share permissions is a good way to get an overall view of who can access what. This testing shows how vulnerable your network shares — and confidential information — can be. You can find shares with default permissions and unnecessary access rights enabled.

The best test for share permissions that shouldn’t exist is to log in to the Windows computer and run an enumeration program so you can see who has access to what.

DumpSec

DumpSec shows the share permissions on your servers in a graphical form. You simply connect to the remote computer and select Dump Permissions for Shares in the Report menu. This produces shares labeled as unprotected.

This vulnerability exists in both Windows NT and Windows 2000 servers. Thank goodness Microsoft fixed this default weakness in Windows Server 2003!

LANguard

LANguard Network Security Scanner also shows the share permissions on your servers in a graphical fashion.

Unprotected shares in a Windows NT system.

Unprotected shares in a remote Windows NT server.

Tags: , , , , ,
Posted in Operating System Hacking | No Comments »

Previous Topic
Next Topic

Leave a Reply

Creative Commons License
This work by Ashutosh Jha is licensed under a Creative Commons Attribution-Share Alike 2.5 India License.
Custom Search
SponsoredTweets referral badge

Enter your email address:

Delivered by FeedBurner

Chat Box


Loading

WP Shoutbox
Name
Website
Message
Smile
:mrgreen::neutral::twisted::arrow::shock::smile::???::cool::evil::grin::idea::oops::razz::roll::wink::cry::eek::lol::mad::sad:8-)8-O:-(:-):-?:-D:-P:-o:-x:-|;-)8)8O:(:):?:D:P:o:x:|;):!::?:

Recent Posts

Archives

Improve the web with Nofollow Reciprocity.