Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Access to WIn9x machine using Shared Drive vulnerability

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    16

    Question Access to WIn9x machine using Shared Drive vulnerability

    Hi guys!

    I've been doing alot of reading on this subject today, pretty much spent my whole day at work trying to figure out how it would work, but still haven't!

    I know that you would use nbtstat -A command to to obtain a list of remote names and mchines on an IP address. I've alos discovered that this can provide you with 2 out of 3 of the information necessary to connect to a computer. How would these names be useful? User name and Domain Name?

    Anyway...I divulge! I've also learnt that the Net View\\machine_name command is also useful in giving you the names of shared folders etc on the machine.

    And then there is also the Netstat -R command!

    I have been able to find a PC on my network which has network shares, mapped a drive to the network share and gained access to that folder.

    What I cannot fathom is what to do next to gain access to the whole PC. is it possible using this vulnerability?

    How would I get past a Folder Share which has been password protected? By simply using a brute force password cracker? I downloaded Brutus, but it isn't having much luck with anything!

    I'm a lamer using win98 , please help me! I'm stuck!


  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    118

    Re: Access to WIn9x machine using Shared Drive vulnerability

    Originally posted by Dugganm
    Hi guys!

    I've been doing alot of reading on this subject today, pretty much spent my whole day at work trying to figure out how it would work, but still haven't!

    I know that you would use nbtstat -A command to to obtain a list of remote names and mchines on an IP address. I've alos discovered that this can provide you with 2 out of 3 of the information necessary to connect to a computer. How would these names be useful? User name and Domain Name?

    Anyway...I divulge! I've also learnt that the Net View\\machine_name command is also useful in giving you the names of shared folders etc on the machine.

    And then there is also the Netstat -R command!

    I have been able to find a PC on my network which has network shares, mapped a drive to the network share and gained access to that folder.

    What I cannot fathom is what to do next to gain access to the whole PC. is it possible using this vulnerability?

    How would I get past a Folder Share which has been password protected? By simply using a brute force password cracker? I downloaded Brutus, but it isn't having much luck with anything!

    I'm a lamer using win98 , please help me! I'm stuck!

    Simply tell me the IP of the machine that you have found.....I will email the sys admin and tell him that someone is trying to break into his computer and he will fix the share and then we can all be happy.
    There\'s no sense in being Pessimistic...it would never work anyway.

  3. #3
    Junior Member
    Join Date
    Aug 2001
    Posts
    16

    Unhappy

    Thanks for your informative reply!

    It was really useful and has helped me out alot!

    Giving you the IP address won't work because you won't be able to see it through all of the firewalls/routers. And if you think I'm giving you any of the IP addresses for those, you are sadly mistaken!

    You could email the sysadmin if you want, but wait a minute...that would be me!

    I suppose usign the term Lamer wasn't correct, i suppose the term Newbie would be more correct. I've had the job of Security lumped ontop of my other work, so I'm not exactly up to speed yet.

    I am wanting to do this to prove a point to my manager/network manager regarding network shares. I don't think they are secure, and that unwanted people could gain access to sensitive information on the PCs (I work in a hospital). i wanted to prove that if I can do it, then other can!

    Simple as that!

    Not all of us are evil on these forums! It may have been my first post using this userID, but I have been heer since these forums were started using another. i just haven't posted in a while.

    Now...can I have a sensible answer? is what I asked even possible? I thought it was since M$ released a patch regarding these network shares.

    Thankyou for any sensible responses!

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    118
    Originally posted by Dugganm
    Thanks for your informative reply!

    It was really useful and has helped me out alot!

    Any time. call again soon.

    Originally posted by Dugganm
    Giving you the IP address won't work because you won't be able to see it through all of the firewalls/routers. And if you think I'm giving you any of the IP addresses for those, you are sadly mistaken!
    Am i missing something, if you cant see it from an outside address then it isn't vulnerable.

    Originally posted by Dugganm
    You could email the sysadmin if you want, but wait a minute...that would be me!
    Well you wont mind me emailing you checking that it is you then will you?? as i'd ahte anyone going doing something illegal.

    Originally posted by Dugganm
    I suppose usign the term Lamer wasn't correct, i suppose the term Newbie would be more correct. I've had the job of Security lumped ontop of my other work, so I'm not exactly up to speed yet.
    Using the term lamer wasn't really that much of a good idea. It made people think (including me) that you were a script kiddie (some one who is a lamer).

    Originally posted by Dugganm
    I am wanting to do this to prove a point to my manager/network manager regarding network shares. I don't think they are secure, and that unwanted people could gain access to sensitive information on the PCs (I work in a hospital). i wanted to prove that if I can do it, then other can!
    Your shares should be fine as long as they have a reasonably long password on them, (you have got a password right??)

    Are you suggesting that your hospital computers are connected TO the internet directly???? is there any specialy need for this?
    There\'s no sense in being Pessimistic...it would never work anyway.

  5. #5
    Junior Member
    Join Date
    Aug 2001
    Posts
    16
    Yes, if you can't see the Pcs from outside then they aren't vulnerable...from the outside! They are not connected to the Internet directly!

    We do however have alot of Junior Doctors and senior consultants who reckon they have far more knowledge than the IT department because they read some computer magazines, and hence try to be clever with their PC, but instead 9 times out of 10, knacker the O/S.
    This is one reason why I want rid of folder shares, just in case they decide to go browsing through Network Neighbourhood, and stumble across something they shouldn't.

    Yes, most of the shared folders i have found have passwords, but it was my understanding that with the aid of a simple program, it is possible to get past these passwords. is this not the case?

    The other reason I want rid of Folder shares is thanks to the recent viruses (Nimda and Kez) which propagated through Networks using folder shares. True, these viruses didn't affect our organisation, and we have antivirus software running On-access scanners on MOST machines. But what happens if a new virus appears before any of the AV vendors have a new identity for their software? Thats right...the virus runs haywire through all of the network shares that are currently open!

    Oh...and feel free to email me, but you'd need the Admin email address for that!

  6. #6
    Hey
    I think i know about as much on this subject as you...

    However, some points. If it's impossible for someone off this board to access these shares, it's not a security risk, unless someone can somehow make your network think theyre a trusted system, which isn't too hard i don't *think*

    As for password cracking, what yo uare doing is a basic password crack, using a dictionary...as you can see it's not very effective, i read somewhere that it would take 16 billion years to test all possible characters in a 1-8 letter password, with a cracker running at 1million passwords/second. That's a lot! Password crackers aren't what some people make them up to be.

    Also, i have no practical experience as yet, but if u can access a share you have read/write access to it, including reformatting the drive.......

    So it is a problem.
    YOU\'RE JUST JEALOUS CUZ THE VOICES ARE TALKING TO ME!

  7. #7
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    "It depends."

    If the share doesn't need to get files sent to it from the outside, then make it read-only. They should all be read-only shares, unless you have a good reason to make them full-access. And even then, never share out the whole drive, just share out an 'incoming' folder or something.

    Passwords should be at least 8 characters in length, should NOT be something that you will find in the dictionary, and should be at least a mix of numbers and characters. Something like rabbi123 is BAD, however, because that particular kind of dictionary-word + number combination is VERY popular. Stuff like frogw0rt or ilove9pins might work as a compromise, if users have bad memories.
    [HvC]Terr: L33T Technical Proficiency

  8. #8

    Re: Access to WIn9x machine using Shared Drive vulnerability

    Originally posted by Dugganm
    Hi guys!

    I've been doing alot of reading on this subject today, pretty much spent my whole day at work trying to figure out how it would work, but still haven't!

    I know that you would use nbtstat -A command to to obtain a list of remote names and mchines on an IP address. I've alos discovered that this can provide you with 2 out of 3 of the information necessary to connect to a computer. How would these names be useful? User name and Domain Name?

    Anyway...I divulge! I've also learnt that the Net View\\machine_name command is also useful in giving you the names of shared folders etc on the machine.

    And then there is also the Netstat -R command!

    I have been able to find a PC on my network which has network shares, mapped a drive to the network share and gained access to that folder.

    What I cannot fathom is what to do next to gain access to the whole PC. is it possible using this vulnerability?

    How would I get past a Folder Share which has been password protected? By simply using a brute force password cracker? I downloaded Brutus, but it isn't having much luck with anything!

    I'm a lamer using win98 , please help me! I'm stuck!


    So u got the IP of the person sharing and u can also see his/her share drive or folder name, now u have to simply change few things in ur Lmhosts.sam file find it and write the IP address and share drive or folder .

    Other way is simply get this software this will easily let u connect to the victim and it will also crack the share password.

    project R3x

    ------------------------------------------------------------------------------------
    In Every Digital Circuit There Is An Analog Circuit Screaming To Come Out.

  9. #9
    Junior Member
    Join Date
    Aug 2001
    Posts
    16
    thanks!

    Project R3X seems to do everythign that i was aksing! Finds pretty much everything connected to your network that has an IP address, and then saves it all as a nice HTML file. Even cracks passwords for you!

    Thanks again KaKoKoOl!!

    Now..."If it's impossible for someone off this board to access these shares, it's not a security risk..."

    I beg to differ. What about the people within the organisation? Just because they work for the company, doesn't mean that they can be trusted!! I'd rather get rid of shares as a precaution, rather than have them there waiting to be broken into.

    Or am I just being pessimistic?

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Project R3X seems to do everythign that i was aksing! Finds pretty much everything connected to your network that has an IP address, and then saves it all as a nice HTML file. Even cracks passwords for you!
    where did you find project R3X?
    [gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •