Re: About default sharing folders in Windows

From: vh (vhlist_at_yandex.ru)
Date: 05/27/03

  • Next message: Bob Waldron: "Re: Site audit template" 
    Date:	Tue, 27 May 2003 23:48:15 +0400
To: s970501@ku.edu.np

    sken> if i've just installed WINDOWS 2000 OS w/ default setting, how hacker can
    sken> access my sharing folders and what hacker can do?

    If you have no firewalls and NetBIOS was not blocked otherwise,
    I belive a hacker may use command like this one to map your drive C:
    as a local M:

    net use M: \\your_computer\C$ password /USER:your_login

    Of cause he will need to guess your password in order to perform such
    a task. IMHO, on default NT installation guessing a login is not a problem.
    Logins may be obtained through NULL-sessions die to IPC$ share opened for
    everyone. Since the password was guessed, hacker would have
    permissions like a user the account belong to.

    To disable default shares, edit registry as follows:

    In key HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

    Create or edit AutoShareWks or AutoShareServer (for server) value and
    set it with REG_DWORD 0

    To disable IPC$ share, go to key

    HKLM\SYSTEM\CurrentControlSet\Control\LSA

    And create or modify REG-DWORD value RestrictAnonymous
    You'd better set it to 1. This will not disable null-sessions, but
    prevent anonymous users from gathering sensitive information like user
    accounts etc. The value 2 is completely disable NULL, but it may cause
    problems in connections with none-Microsoft software and older MS
    versions (FYI see Q246261).

    Hope this helps. 

    -- 
Best regards,
 Martchukov Anton aka VH                      mailto:vhlist@yandex.ru
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Bob Waldron: "Re: Site audit template"