Re: What Are These Shares(Remote Admin/Remote IPC)?

From: Alex Lomas (alex_at_alexlomas.com)
Date: 03/29/04

  • Next message: Daniel Wozniak: "Re: Need help on Spyware" 
    Date: Mon, 29 Mar 2004 21:48:59 +0100 (BST)
To: powderkeg@snow.email.ne.jp

    > are these neccessary..? I don't do any remote administration on/to this
    > host
    > (Win2kPro).

    A 2k/XP box always has admin shares - they're hidden (hence the $). I
    believe you can delete the IPC$ share but it always comes back after a
    reboot. I have heard of attempts being made to brute force accounts using
    IPC$ as it's used in authentication and RPC (I think).

    You may also find a print$ share on the machine if you have a shared
    printer - this is used to store printer drivers so that remote clients can
    seemlessly install the correct drivers when they connect (kinda neat but
    world readable I think!)

    --Alex

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Daniel Wozniak: "Re: Need help on Spyware"