Hacking Windows shares

First of all, let's check whether file sharing is enabled by running an nmap scan.

$ nmap 10.10.10.103
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-07 22:03 EST
Nmap scan report for 10.10.10.103
Host is up (0.31s latency).
Not shown: 987 filtered ports
PORT     STATE SERVICE
-- snip --
139/tcp  open  netbios-ssn
-- snip --

Here, NetBIOS port 139 is open. Now, check the share names. For this, Kali Linux has a tool called `smbclient`.

$ smbclient -L //10.10.10.103
Enter WORKGROUP\root's password: 

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    CertEnroll      Disk      Active Directory Certificate Services share
    Shares          Disk      
    IPC$            IPC       Remote IPC
    NETLOGON        Disk      Logon server share 
    Operations      Disk      
    SYSVOL          Disk      Logon server share 
Reconnecting with SMB1 for workgroup listing.
Connection to 10.10.10.103 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available

where `-L` gets a list of the shares available on a host.

So, we have a number of shares available. Now, to access those shares, we need to have permission on them.

$ smbmap -H 10.10.10.103
[+] Finding open SMB ports....
[+] User SMB session establishd on 10.10.10.103...
[+] IP: 10.10.10.103:445    Name: hostname.local                                  
    Disk                                                    Permissions
    ----                                                    -----------
[!] Access Denied

Oops! Looks like we do not have permission to list permissions. Normally, this command shows the permissions on each share. What we can do instead is check the permissions manually, using the following command:

$ smbclient //10.10.10.103/Shares
Enter WORKGROUP\root's password: [just hit enter]
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Tue Jul  3 11:22:32 2018
  ..                                  D        0  Tue Jul  3 11:22:32 2018

Do the same for the other shares and see if you can list anything.
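
For an administrator reviewing what such a listing exposes, the following added example (not part of the original post) parses the `smbclient -L` share table and separates the shares Windows creates on its own from the admin-created ones, whose share and NTFS permissions are site-specific and worth auditing. The sample text is reconstructed from the listing above, and the `BUILTIN` set and function names are assumptions made for this example.

```python
import re

# Constructed sample: the share table from the smbclient -L output above.
SAMPLE = """\
    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    CertEnroll      Disk      Active Directory Certificate Services share
    Shares          Disk
    IPC$            IPC       Remote IPC
    NETLOGON        Disk      Logon server share
    Operations      Disk
    SYSVOL          Disk      Logon server share
Reconnecting with SMB1 for workgroup listing.
"""

# Assumption: shares Windows or a server role (DC, AD CS) creates on its own.
BUILTIN = {"ADMIN$", "IPC$", "PRINT$", "NETLOGON", "SYSVOL", "CERTENROLL"}
DRIVE_SHARE = re.compile(r"^[A-Z]\$$")  # C$, D$, ... administrative drive shares
ROW = re.compile(r"^\s+(\S.*?)\s{2,}(Disk|IPC|Printer)\b\s*(.*)$")


def parse_shares(listing):
    """Return (name, type, comment) tuples from the share table."""
    rows, in_table = [], False
    for line in listing.splitlines():
        if not in_table:
            # The dashed rule under the header marks the start of the rows.
            in_table = bool(re.match(r"^\s+-{3,}", line))
            continue
        m = ROW.match(line)
        if not m:  # first line that is not a table row ends the table
            break
        rows.append((m.group(1), m.group(2), m.group(3).strip()))
    return rows


def shares_to_review(listing):
    """Names of admin-created disk shares; these carry site-specific ACLs."""
    return [name for name, kind, _ in parse_shares(listing)
            if kind == "Disk"
            and name.upper() not in BUILTIN
            and not DRIVE_SHARE.match(name.upper())]


if __name__ == "__main__":
    for name in shares_to_review(SAMPLE):
        print(f"review share and NTFS permissions: {name}")
```

On the sample this reports `Shares` and `Operations`, the two shares with no comment in the listing.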

Useful link: http://www.madirish.net/59
