What is IPC$?
Results 1 to 10 of 10

Thread: What is IPC$?

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    394

    What is IPC$?

    What IPC$ share?
    What is it exist for in windows?

    I know just that it is some unwanted shares in windows.
    If thay exist so how can I use them? What is IPC$ good for?

    I traid to mount but that share was empty and I was able to execute just shell commands in that folder where IPC$ was mounted to.

    ==My OS==
    Local=linux mandriva 10.1
    Remote=windows XP pro
    // too far away outside of limit

  2. #2
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,247
    Inter-Process Communication (IPC$) is used for data sharing between applications and computers.
    Admin$ is an administrative share of the %systemroot% folder on the local device. (C:\windows or C:\winnt)


    http://support.microsoft.com/?kbid=314984
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Here you go Mr.Babis take a look at this [1] hopefully that explains it a little bit ...

    [1] Special shared resources
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Ok this is
    A resource that shares the named pipes that are essential for communication between programs.
    means that I can send commands to that remote computer/share(IPC$). But what kind of commands and how. or I need some special software for that? (from linux)

    If I can mount it as all other folders so it means that I can do something inside of it or I am wrong?
    // too far away outside of limit

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    Reading time
    How to create and delete hidden or administrative shares on client computers: Here
    Mounting Windows Network Shares: Here
    Government 'Security's thoughts on IPC: Here
    Skiddies talking about IPC: Here

    NOTE: This info has been posted for reading. Anything you do with this info is up to you. I dont want you people to abuse this info, blah blah blah. Not my fault if you do anything bad with it
    meh. -ech0.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    and the best bit of advice seen in those links...

    You can disable the default ipc$ share by setting the following registry key value to 2
    HKLM\system\currentcontrolset\control\lsa\restrict annonymous
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Posts
    2
    Originally posted here by thehorse13
    and the best bit of advice seen in those links...

    You can disable the default ipc$ share by setting the following registry key value to 2
    HKLM\system\currentcontrolset\control\lsa\restrict annonymous
    My key value was set to 0 and i changed it to 2 but the share still shows up in Shares in Computer Management. How can i disable this share?.

  8. #8
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    My key value was set to 0 and i changed it to 2 but the share still shows up in Shares in Computer Management. How can i disable this share?.
    Shares can be blocked by disabling net share service or blocking netbios or ports 139...
    Here is a litle more about netbios
    http://www.nacs.uci.edu/security/netbios.html
    // too far away outside of limit

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Even if the IPC share still exists, if the regkey is set to 2, you can't get anything back. To test this out, go download WINFO and aim it at your host. If you've set the key properly, it will not be able to enumerate anything via null pipes.

    http://ntsecurity.nu/toolbox/winfo/

    NOTE: You need admin rights to run this app.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    Junior Member
    Join Date
    Oct 2005
    Posts
    1
    There is an excellent tutorial written here http://www.antionline.com/showthread...hreadid=264811 that is very relative to this post.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides