RE: About default sharing folders in Windows

From: Tony Bradley | NetSecurity (netsecurity.guide_at_about.com)
Date: 05/27/03

  • Next message: Meritt James: "Re: Site audit template" 
    To: <s970501@ku.edu.np>
Date: Tue, 27 May 2003 12:52:09 -0400

    <<i've heard that there are some default sharing folders in Windows
    2000, XP like $C, $D, $ADMIN, $IPC. if i've just installed WINDOWS 2000
    OS w/ default setting, how hacker can access my sharing folders and what
    hacker can do? >>

    The main problem lies in using weak or no password.

    These are default administrative shares. If I can get to your machine I
    can attempt to connect to \\yourmachine\c$ at which point I would have
    to supply an administrative username and password. If you have blank
    passwords or use stuff like "password" or "123" as your password then
    odds are I can get in. Once I get in I would have access to anything
    that the administrator would have access to on that drive.

    A recent Internet worm (Deborm) used this method of attaching to hidden
    administrative shares using no or weak passwords.

    I believe there might be a way in the registry to remove the
    administrative shares altogether, but whether there is or isn't you need
    to make sure you have strong passwords for the administrator account and
    you should assign a strong password to the Guest account even if you
    keep the account disabled.

    Hope that helps-

    Tony Bradley, CISSP, MCSE2k, MCSA, MCP, A+
    About.com Guide for Internet / Network Security
    http://netsecurity.about.com

    Click here to sign up for the weekly Internet / Network Security
    Newsletter: NetSecurity Newsletter

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Meritt James: "Re: Site audit template"

    Relevant Pages

    • RE: About default sharing folders in Windows
      ... I belive a hacker may use command like this one to map your drive C: ... permissions like a user the account belong to. ... You can remove administrative shares on a workstation by setting this key: ... the registry key settings needed to secure a workstation. ...
      (Security-Basics)
    • Re: About default sharing folders in Windows
      ... You can remove administrative shares on a workstation by setting this key: ... The benchmarking tool also includes security admin templates for ... >> you should assign a strong password to the Guest account even if you ...
      (Security-Basics)
    • RE: About default sharing folders in Windows
      ... There is a way to kill Administrative Shares, ... Double click on AutoShareServer and set it to 0 to disable it for a server. ... >>to make sure you have strong passwords for the administrator ... >>you should assign a strong password to the Guest account even if you ...
      (Security-Basics)
    • Re: Install fails with a "..path specified...is invalid"
      ... Either the administrative shares have been disabled or you are running under ... an account that does not have access to the administrative shares on all ... > it is performing operations on the cluster nodes and then fails with the ... > "The path specified in a command line argument is invalid: ...
      (microsoft.public.sqlserver.clustering)