Results 1 to 5 of 5

Thread: File execution on shared drives

  1. #1

    File execution on shared drives


    I am doing a test on two servers at work.

    Netbios on the two servers is enabled and accessible to those who enter correct username and password combinations.
    My question is this:
    If someone has access to a computer through Netbios (net use * \\\C$ /U:surreal) can they execute programs that would execute on the server itself and not on the client that issued the command? If so how?

    Thanks for your time.

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Hey hey,

    Firstly, you can always bump up your other thread (http://www.antionline.com/showthread...hreadid=247331) to make it the first thread in the frontpage, instead of posting a new one asking the same question like this.

    Secondly, if the command they use is "net use * \\\C$ /U:surreal" then the answer is no, they can't. But they may execute programs that would execute on the server itself using other methods that exploit Netbios vulnerabilities.

    Thirdly, the more important question is "how can I protect my computer against such attacks?". And the answer is by disabling Netbios (search disable netbios in this site).

    Peace always,
    Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
    I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    They won't be able to execute the programs on the remote server unless they have a telnet, ssh or remote desktop connection. If they are just sharing the drive, they can't execute remotely.

    Now... it may be possible for an attacker to attack an unsecured or unpatched service and execute commands that way.... such as a buffer overflow or any number of vulnerabilities.

    If they had remote access to the drive, they could create startup shortcuts for something like a a backdoor with netcat... have it run at startup and next time the server is rebooted... they can telnet to the backdoor they have setup. Viola... they can now exectue programs on the server... not to mention... copy new files to execute.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Some programs which rely on using the disk may execute on the server disk its self.

    E.G a program to move files around on the local drive etc may execute on the server drive.

    Although it was being run locally the movements etc would take place on the app path and hence the server drive.

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Programs running off a shared drive / mounted drive letter or whatever, will *not* run on the server.

    When you run an executable, it runs locally.

    The only way that it could run on the server was if you were using telnet / ssh / Windows Terminal Server, and logging on to the server that way. Just mapping a shared drive will not accomplish it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts