WELCOME GUEST ENJOY YOUR STAY HERE...

TELL A FRIEND ABOUT US.. Share/Save/Bookmark

Monday, September 14, 2009

Remove Hidden Shares from Win32 Boxes

NetBIOS open way for many Intruders if the port is open in a LAN, by default the port number for the NetBOS would be 139, and if it is in open state, then the hackers can take advantage over the default hidden share present in windows box specifically the IPC$ share, ( IPC - Inter Process Connect ), here the attacker can exploit this just by using the 'net use' command that is shiped with the windows machine itself, they will juts use the 'net use ' command and will establish a remote connection via IPC$ and once done, they can remotely create user account on the compromised box and can establish a telnet connection and can easily root the box. Here is a counter measure that can be taken to avoid this sort of attack, By default Windows 2000, Windows XP and WinNT automatically enables the hidden shares (admin$, c$, d$ and IPC$ - Inter Process Connect ). The following Registry Key will help you in disabling the Hidden shares. System Key: [HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > LanmanServer > Parameters]
Value Name: AutoShareWks
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable shares, 1 = enable)
Goto Run and type compmgmt.msc, this will take you to the computer management, here Click on 'shared folders' and then 'share' then delete the shares that you want to remove. Note : To remove the admin share for only the current session use the second method (Computer Management console), if you want a permanent removal, add the AutoShareWks in the registry.

No comments:

Post a Comment

Follow Me... Stay Connected

MY STATS

Top Blogs

Learn hacking tips tricks earn online hints cheats

Blog Directory & Search engine

blogarama - the blog directory

BlogsByCategory.com

Technology Blogs - Blog Rankings

Visit blogadda.com to discover Indian blogs

Computers

Computers Blogs