Re: MS Windows Hidden Shares

Jeff, Michael
   Thanks for the nice tool that you introduced, I'm going to test it.
To view the shares of a windows based PC, Win2k and later, it can be 
done using command prompt *net *command, here is an example with the result:

> *net share
*Share name   Resource                        Remark

-------------------------------------------------------------------------------
D$           D:\                             Default share
ADMIN$       C:\WINNT                        Remote Admin
C$           C:\                             Default share
IPC$                                         Remote IPC
The command completed successfully.


It's also possible to manage your PC shares or even remote PC, below you 
can find the command syntax:

*NET SHARE sharename
         sharename=drive:path [/USERS:number | /UNLIMITED]
                              [/REMARK:"text"]
                              [/CACHE:Manual | Automatic | No ]
         sharename [/USERS:number | /UNLIMITED]
                   [/REMARK:"text"]
                   [/CACHE:Manual | Automatic | No ]
         {sharename | devicename | drive:path} /DELETE*

By the way, we don't have always access to the 3rd party tools to do our 
job. In such cases, we should rely on native commands/tools of the OS.

Cheers,
Mohammad

Dunigan, Michael wrote:

> Jeff,
>
>         It depends on what you want to monitor in the hidden shares.  I
> use a product called ServersAlive to monitor my servers and am very
> happy with it.  (http://www.serversalive.com)  It has multiple checks
> that can be done against Windows, NetWare, and *nix servers.  A small
> selection might be things like free space on a disk resource, processor
> utilization on a NetWare box, check for a running process on a Windows
> box, etc.  You'll have to check the webpage to review the long list of
> check available.
>
> 	There is a free version that has some limitations of output
> types and a limit to the number of checks you can run, without
> purchasing a license.  The limitations are very minor and if you have
> modest requirements, you can run the free version forever without paying
> anything, so it is a great way to see if it will work for you.  The
> developer is a great resource to the product mail list, answering
> questions and dealing with anything might come up.  
>
>         I have no financial interest in the product.  I am just a
> satisfied customer.
>
> Michael J. Dunigan
> Office of the Registrar, University of Michigan
> (734) 647-3633
> MDunigan at umich dot edu
> *************************************
> Electronic Mail is not secure, may not be read every day, and should not
> be used for urgent or sensitive issues.
>
>
>  
>
> > -----Original Message-----
> > From: Jeffrey Smith [mailto:jes1@comcast.net]
> > Sent: Friday, March 24, 2006 3:13 PM
> > To: security-basics@securityfocus.com
> > Subject: RE: MS Windows Hidden Shares
> >
> > Anyone know of a tool to monitor Microsoft's hidden shares and drives
> > ($share (Admin$, c$, ipc$ ))?
> >
> > Jeff
> >
> >
> >
> >    
> ------------------------------------------------------------------------
> --
>  
>
> > -
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> > The Norwich University program offers unparalleled Infosec management
> > education and the case study affords you unmatched consulting
> >    
> experience.
>  
>
> > Tailor your education to your own professional goals with degree
> > customizations including Emergency Management, Business Continuity
> > Planning,
> > Computer Emergency Response Teams, and Digital Investigations.
> >
> > http://www.msia.norwich.edu/secfocus
> >
> >    
> ------------------------------------------------------------------------
> --
>  
>
> > -
> >    
>
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting experience. 
> Tailor your education to your own professional goals with degree 
> customizations including Emergency Management, Business Continuity Planning, 
> Computer Emergency Response Teams, and Digital Investigations. 
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>
>  

--
Mohammad Ali Sarbanha
Senior IT Network Admin.
Telecommunication Kish Co.
Tel: (98) 764 4424144
Fax: (98) 764 4424169
Cell: (98) 934 769 3994
e-mail (official): sarbanha@tkckish.com
e-mail (personal): sarbanha@yahoo.com

Legal Disclaimer: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee and access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of this message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. If you have received this mail by mistake we request you to please contact the sender immediately. 


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------