
Revealing admin shares



#1 Cate82


Posted 24 March 2010 - 10:40 AM

Hi. I've had terrible hacker problems (and yes, I'm meticulous about security), but I've worked hard to overcome them.

My question is about $. When I do a search using just $, I get as a result just about everything on my computer---a long long list of files, folders, everything.

Does this mean everything is shared in Windows, even if you try to turn it off?

I am beginning to believe that Microsoft is a cover for some kind of massive surveillance and control of the population (kidding, sort of), because you just can't control your own computer, you can't stop the "sharing", and you can't stop there always being some kind of outside access to your computer, no matter how hard you try.

It is impossible to have privacy with Windows.

So how do I get rid of the "~#!& ing dollar signs?!

Thanks.



#2 groovicus


Posted 24 March 2010 - 11:10 AM

The $ sign means that it is a hidden admin share.
http://en.wikipedia.org/wiki/Administrative_share

So no, someone is not able to access those files, and it does not mean that they are reachable via the network. If someone is able to access your admin account, you already have other problems.

> there always being some kind of outside access to your computer, no matter how hard you try.

You mean like when you use the Internet? That requires outside access.

#3 cryptodan


Posted 24 March 2010 - 03:30 PM

If certain ports are opened on your firewall, from 135 to 139 or port 445, and they somehow get your password, then yes, they can use various integrated tools to access your administrative and other shares to exfiltrate data.

If those ports are open then they could use the following:

net use

net session

net view

nbtstat

ntlist

tasklist

I would also make sure that Remote Registry Access is disabled in services.msc; this way, if your computer does get compromised, they cannot remotely add stuff to the registry to further compromise your computer, and this also prevents the addition of specific files or tools from the attacker's arsenal.

So that being said, I would block ports 135 to 139 at the firewall; these ports are for NetBIOS, and port 445 replaced the aforementioned ports.
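
The checks suggested in the replies above can be run as one read-only audit. This is an added example, not part of any post in the thread; it assumes Windows 8 / Server 2012 or later (for the SmbShare, NetTCPIP and NetSecurity cmdlets) and an elevated PowerShell prompt, and the firewall rule display name in the commented-out lines is made up.

```powershell
# Added example: read-only audit of what the replies above discuss.
# Assumes Windows 8 / Server 2012 or later, run from an elevated prompt.

# Ports named in the thread (137 and 138 are UDP; 135, 139 and 445 are TCP).
$ports = @(135, 136, 137, 138, 139, 445)

# 1. Local shares. A trailing "$" only hides a share from network browsing;
#    Special = True marks the built-in ones (C$, ADMIN$, IPC$).
Get-SmbShare |
    Format-Table Name, Path, Special, Description -AutoSize

# 2. Listeners on those ports, with the owning process ID.
Get-NetTCPConnection -State Listen |
    Where-Object { $ports -contains $_.LocalPort } |
    Format-Table LocalAddress, LocalPort, OwningProcess -AutoSize

Get-NetUDPEndpoint |
    Where-Object { $ports -contains $_.LocalPort } |
    Format-Table LocalAddress, LocalPort, OwningProcess -AutoSize

# 3. Remote Registry service: current state and start mode.
Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'" |
    Format-Table Name, State, StartMode -AutoSize

# 4. Enabled inbound allow rules that name one of these ports explicitly.
#    Rules written as ranges ("135-139") or keywords ("Any", "RPC") are
#    not matched by this simple comparison and need a manual look.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort | Where-Object { $ports -contains $_ } } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and
        $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow'
    } |
    Format-Table DisplayName, Profile -AutoSize

# Changes suggested in the thread, left commented out. Blocking these ports
# on the host also stops this machine from serving files and printers.
# The rule display name below is a made-up label.
# Stop-Service -Name RemoteRegistry
# Set-Service  -Name RemoteRegistry -StartupType Disabled
# New-NetFirewallRule -DisplayName 'Block inbound NetBIOS/SMB (example)' `
#     -Direction Inbound -Protocol TCP -LocalPort '135-139','445' -Action Block
```

If section 2 shows listeners but section 4 shows no matching allow rule for the active profile, the services are running but not reachable through the host firewall.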



