August 12th, 2003, 12:26 PM
File execution on shared drives
I am doing a test on two servers at work.
Netbios on the two servers is enabled and accessible to those who enter correct username and password combinations.
My question is this:
If someone has access to a computer through Netbios (net use * \\192.168.0.1\C$ /U:surreal) can they execute programs that would execute on the server itself and not on the client that issued the command? If so how?
Thanks for your time.
August 12th, 2003, 01:50 PM
Firstly, you can always bump up your other thread (http://www.antionline.com/showthread...hreadid=247331) to make it the first thread in the frontpage, instead of posting a new one asking the same question like this.
Secondly, if the command they use is "net use * \\192.168.0.1\C$ /U:surreal" then the answer is no, they can't. But they may execute programs that would execute on the server itself using other methods that exploit Netbios vulnerabilities.
Thirdly, the more important question is "how can I protect my computer against such attacks?". And the answer is by disabling Netbios (search disable netbios in this site).
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
August 12th, 2003, 01:54 PM
They won't be able to execute the programs on the remote server unless they have a telnet, ssh or remote desktop connection. If they are just sharing the drive, they can't execute remotely.
Now... it may be possible for an attacker to attack an unsecured or unpatched service and execute commands that way.... such as a buffer overflow or any number of vulnerabilities.
If they had remote access to the drive, they could create startup shortcuts for something like a a backdoor with netcat... have it run at startup and next time the server is rebooted... they can telnet to the backdoor they have setup. Viola... they can now exectue programs on the server... not to mention... copy new files to execute.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
August 12th, 2003, 01:54 PM
Some programs which rely on using the disk may execute on the server disk its self.
E.G a program to move files around on the local drive etc may execute on the server drive.
Although it was being run locally the movements etc would take place on the app path and hence the server drive.
August 12th, 2003, 01:57 PM
Programs running off a shared drive / mounted drive letter or whatever, will *not* run on the server.
When you run an executable, it runs locally.
The only way that it could run on the server was if you were using telnet / ssh / Windows Terminal Server, and logging on to the server that way. Just mapping a shared drive will not accomplish it.