Accessing Windows Shared Resources from Linux

One of the most common hacking intrussions on windows computers is due to user ignorance.
This affirmation is going to be described on this article,  also how it is done and the way to avoid it.

When a Windows 95/98/Me user shares one of his folders to allow other computers in the local network to read or write information there, usually he doesn't know that if he connects to internet will be still sharing this folder to any internet user!
Windows local drives or folders could be easily shared in read only or read/write mode and it allows to use a password to access this resource. If a user wants to share any resource it must use a password to do it, this is the minimun security level and it must be done.

Sharing windows drive C

There're two ways for reading this article:
The user that want's to connect from linux to a windows computer (may be at work) over internet to copy some files.
The wannabe hacker that want's to hack the planet using linux.
This last option is greatly discouraged.

Let's go practical:
The first and essential thing is to know the windows computer IP
For the next steps we'll use the IP number 666.666.666.666 (not real and impossible) referencing to the windows computer.
Now let's check if Sharing resources are installed on this computer. This is done by running a scanport program like nmap on TCP port 139.
nmap -sT 666.666.666.666 -p 139
If the result is something like:
Port       State       Service
139/tcp    open        netbios-ssn   

That only means Shared resources are installed on this computer.

Another way to do it is:
telnet 666.666.666.666 139
If we get:

telnet: Unable to connect to remote host: Connection refused

Then port 139 is closed

Trying 666.666.666.666...
Connected to 666.666.666.666
Escape character is '^]'.

This means It's open and wating for more instructions.
Linux is powerfull

For the next step you have to install samba on you Linux computer.
What's samba? samba is a software that allows you to connect a Linux computer to a Windows using NetBIOS to share folders and drives between both OS.
Almost every Linux distribution comes with samba, but if you don't have it, download from: http://www.samba.org/

Once installed, we'll use nmblookup that it's like Network icon on windows desktop to look for other computer names on the net.
nmblookup -B 666.666.666.666 -S \*
and we'll get a list like:


received 12 names
    COMPUTER        <00> -         B <ACTIVE>
    COMPUTER        <20> -         B <ACTIVE>
    DOMAIN          <00> - <GROUP> B <ACTIVE>
    DOMAIN          <1c> - <GROUP> B <ACTIVE>
    DOMAIN          <1b> -         B <ACTIVE>
    DOMAIN          <1e> - <GROUP> B <ACTIVE>
    COMPUTER        <03> -         B <ACTIVE>
    ADMINISTRATOR   <03> -         B <ACTIVE>
    DOMAIN          <1d> -         B <ACTIVE>
    ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
    INet~Services   <1c> - <GROUP> B <ACTIVE>
    IS~COMPUTER     <00> -         B <ACTIVE>
num_good_sends=0 num_good_receives=0

If it has a <20> means a shared resource

The values in the <xx> brackets can be:
  00 base computernames and workgroups, also in "*" queries
  01 master browser, in magic __MSBROWSE__ cookie
  03 messaging/alerter service; name of logged-in user  <--- This one is cool too ---
  20 resource-sharing "server service" name  <--- Check this one ---
  1B domain master-browser name
  1C domain controller name
  1E domain/workgroup master browser election announcement [?]

Now we know that COMPUTER <20> is what we were looking for.

To see the shared resources name on COMPUTER:

smbclient -L \\\\COMPUTER -I 666.666.666.666
If a password is asked then it means that this resource uses a password and if you doesn't know it you could not access this way to the computer.
Connect to the computer:
smbclient \\\\COMPUTER\\C -I 666.666.666.666 -d 3 -n nameyouwant -U usernameyouwant
-d 3 is debug level 3 to see all the error messages
-n is name is your netbios name that you will use on this sesion
-U is the usernameyou want to use


Try man smbclient or help once inside the smbclient to know commands.

And remember: Always use a password when sharing a folder from Windows!!


 


 


Visitors: 28231

by DrDoom
www.sorgonet.com