Re: About default sharing folders in Windows

sken> if i've just installed WINDOWS 2000 OS w/ default setting, how hacker can sken> access my sharing folders and what hacker can do?

If you have no firewalls and NetBIOS was not blocked otherwise, I belive a hacker may use command like this one to map your drive C: as a local M:

net use M: \\your_computer\C$ password /USER:your_login

Of cause he will need to guess your password in order to perform such a task. IMHO, on default NT installation guessing a login is not a problem. Logins may be obtained through NULL-sessions die to IPC$ share opened for everyone. Since the password was guessed, hacker would have permissions like a user the account belong to.

To disable default shares, edit registry as follows:

In key HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Create or edit AutoShareWks or AutoShareServer (for server) value and set it with REG_DWORD 0

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

To disable IPC$ share, go to key

HKLM\SYSTEM\CurrentControlSet\Control\LSA

And create or modify REG-DWORD value RestrictAnonymous You'd better set it to 1. This will not disable null-sessions, but prevent anonymous users from gathering sensitive information like user accounts etc. The value 2 is completely disable NULL, but it may cause problems in connections with none-Microsoft software and older MS versions (FYI see Q246261).

Hope this helps.

-- 
Best regards,
 Martchukov Anton aka VH                      mailto:vhlist@yandex.ru


---------------------------------------------------------------------------
----------------------------------------------------------------------------