Detect open windows shares?

Discussion in 'Perl Misc' started by Trick Kid, Apr 2, 2006.

  1. Trick Kid

    Trick Kid Guest

    Hi,

    I've figured out NetShareCheck to check if a network share is valid,
    but is there a way to scan a remote machine for ANY available network
    shares, even if you don't know the name?

    Regards
     
    Trick Kid, Apr 2, 2006
    #1
    1. Advertising

  2. Trick Kid

    Dr.Ruud Guest

    Trick Kid schreef:

    > I've figured out NetShareCheck to check if a network share is valid,
    > but is there a way to scan a remote machine for ANY available network
    > shares, even if you don't know the name?


    That depends on what you define as 'available'. In Windows Explorer, go
    to 'My Network Places' and check which are avaible there. Those you will
    be able to enumerate. Alternatively, use the 'net' command in a DOS-box:
    net view /?
    net view \\127.0.0.1 (might include shares with a $NAME, meaning
    invisble)
    net view \\hostname

    More resources:

    Win32::NetResource (see the Example section)
    Win32::DriveInfo

    google: site:microsoft.com enumerate shares
    google: WNetEnumResource

    --
    Affijn, Ruud

    "Gewoon is een tijger."
     
    Dr.Ruud, Apr 3, 2006
    #2
    1. Advertising

  3. "Dr.Ruud" <> wrote in news:e0q0jt.f0.1
    @news.isolution.nl:

    > Trick Kid schreef:
    >
    >> I've figured out NetShareCheck to check if a network share is valid,
    >> but is there a way to scan a remote machine for ANY available network
    >> shares, even if you don't know the name?

    >
    > That depends on what you define as 'available'.


    Why make life easier for script kiddies?

    Sinan

    --
    A. Sinan Unur <>
    (remove .invalid and reverse each component for email address)

    comp.lang.perl.misc guidelines on the WWW:
    http://augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.html
     
    A. Sinan Unur, Apr 3, 2006
    #3
  4. Trick Kid

    Dr.Ruud Guest

    A. Sinan Unur schreef:
    > Dr.Ruud:
    >> Trick Kid:


    >>> I've figured out NetShareCheck to check if a network share is valid,
    >>> but is there a way to scan a remote machine for ANY available
    >>> network shares, even if you don't know the name?

    >>
    >> That depends on what you define as 'available'.

    >
    > Why make life easier for script kiddies?


    Why read it in that way?

    Which shares are available to you, depends on which rights you have,
    which user you are, to which group you belong, etc.
    A server can selectively make many shares available, some for one type
    of user and some for another type of user.

    I use the enumeration of network resources for monitoring their
    availability.

    Here are nice tools to check a network and a host
    http://www.sysinternals.com/Utilities/ShareEnum.html
    http://www.sysinternals.com/Utilities/AccessEnum.html

    --
    Affijn, Ruud

    "Gewoon is een tijger."
     
    Dr.Ruud, Apr 3, 2006
    #4
  5. Trick Kid

    John Bokma Guest

    "A. Sinan Unur" <> wrote:

    > "Dr.Ruud" <> wrote in news:e0q0jt.f0.1
    > @news.isolution.nl:
    >
    >> Trick Kid schreef:
    >>
    >>> I've figured out NetShareCheck to check if a network share is valid,
    >>> but is there a way to scan a remote machine for ANY available network
    >>> shares, even if you don't know the name?

    >>
    >> That depends on what you define as 'available'.

    >
    > Why make life easier for script kiddies?


    Are you crazy?

    --
    John Bokma Freelance software developer
    &
    Experienced Perl programmer: http://castleamber.com/
     
    John Bokma, Apr 3, 2006
    #5
  6. "Dr.Ruud" <> wrote in
    news::

    > A. Sinan Unur schreef:
    >> Dr.Ruud:
    >>> Trick Kid:

    >
    >>>> I've figured out NetShareCheck to check if a network share is
    >>>> valid, but is there a way to scan a remote machine for ANY
    >>>> available network shares, even if you don't know the name?
    >>>
    >>> That depends on what you define as 'available'.

    >>
    >> Why make life easier for script kiddies?

    >
    > Why read it in that way?


    The original post contained nothing relevant to Perl

    Anybody with a little bit understanding of the Windows OS would have
    been able to figure out everything you pointed out.

    Of course, the easiest way to scan for available shares without having
    to know their names is to browse the network neighborhood.

    I am inclined not to trust the intentions of anyone who is ignorant
    enough to ask this question on this newsgroup.

    Sinan

    --
    A. Sinan Unur <>
    (remove .invalid and reverse each component for email address)

    comp.lang.perl.misc guidelines on the WWW:
    http://augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.html
     
    A. Sinan Unur, Apr 3, 2006
    #6
  7. Trick Kid

    John Bokma Guest

    "A. Sinan Unur" <> wrote:

    > "Dr.Ruud" <> wrote in
    > news::
    >
    >> A. Sinan Unur schreef:
    >>> Dr.Ruud:
    >>>> Trick Kid:

    >>
    >>>>> I've figured out NetShareCheck to check if a network share is
    >>>>> valid, but is there a way to scan a remote machine for ANY
    >>>>> available network shares, even if you don't know the name?
    >>>>
    >>>> That depends on what you define as 'available'.
    >>>
    >>> Why make life easier for script kiddies?

    >>
    >> Why read it in that way?

    >
    > The original post contained nothing relevant to Perl
    >
    > Anybody with a little bit understanding of the Windows OS would have
    > been able to figure out everything you pointed out.
    >
    > Of course, the easiest way to scan for available shares without having
    > to know their names is to browse the network neighborhood.


    So uhm, yeah, big scriptkiddie alert!!! OMGzzzz!!!! I love ponies!!!
    ROFLLLZzzz

    --
    John Bokma Freelance software developer
    &
    Experienced Perl programmer: http://castleamber.com/
     
    John Bokma, Apr 3, 2006
    #7
  8. Trick Kid

    robic0 Guest

    On Mon, 03 Apr 2006 05:49:25 GMT, "A. Sinan Unur" <> wrote:

    >"Dr.Ruud" <> wrote in
    >news::
    >
    >> A. Sinan Unur schreef:
    >>> Dr.Ruud:
    >>>> Trick Kid:

    >>
    >>>>> I've figured out NetShareCheck to check if a network share is
    >>>>> valid, but is there a way to scan a remote machine for ANY
    >>>>> available network shares, even if you don't know the name?
    >>>>
    >>>> That depends on what you define as 'available'.
    >>>
    >>> Why make life easier for script kiddies?

    >>
    >> Why read it in that way?

    >
    >The original post contained nothing relevant to Perl
    >

    I don't know if Win32 is relavent to Perl.

    >Anybody with a little bit understanding of the Windows OS would have
    >been able to figure out everything you pointed out.
    >
    >Of course, the easiest way to scan for available shares without having
    >to know their names is to browse the network neighborhood.
    >

    Not if there is a CPAN module that already does it. I don't know if there
    is btw.
    >I am inclined not to trust the intentions of anyone who is ignorant
    >enough to ask this question on this newsgroup.
    >
    >Sinan


    Ok, here's the big Win32 secret unveiled. There may be a Perl module that
    covers these WNet functions. Looks easy enough to implement an interface for.
    Also, there is by now WMI classes and functions I'm sure.

    The way to browse Network Neighborhood:

    Windows Networking Functions
    The following functions are used in Windows networking:

    MultinetGetConnectionPerformance
    WNetAddConnection2
    WNetAddConnection3
    WNetCancelConnection
    WNetCancelConnection2
    WNetCloseEnum
    WNetConnectionDialog
    WNetConnectionDialog1
    WNetDisconnectDialog
    WNetDisconnectDialog1
    WNetEnumResource
    WNetGetConnection
    WNetGetLastError
    WNetGetNetworkInformation
    WNetGetProviderName
    WNetGetResourceInformation
    WNetGetResourceParent
    WNetGetUniversalName
    WNetGetUser
    WNetOpenEnum
    WNetUseConnection


    WNetOpenEnum
    =====================
    The WNetOpenEnum function starts an enumeration of network resources or existing connections. You can continue the enumeration by calling the WNetEnumResource function.

    DWORD WNetOpenEnum(
    DWORD dwScope, // scope of enumeration
    DWORD dwType, // resource types to list
    DWORD dwUsage, // resource usage to list
    LPNETRESOURCE lpNetResource, // resource structure
    LPHANDLE lphEnum // enumeration handle buffer
    );
    Parameters
    dwScope
    [in] Specifies the scope of the enumeration. This parameter can be one of the following values. Value Meaning
    RESOURCE_CONNECTED Enumerate all currently connected resources. The function ignores the dwUsage parameter. For more information, see the following Remarks section.
    RESOURCE_CONTEXT Enumerate only resources in the network context of the caller. Specify this value for a Network Neighborhood view. The function ignores the dwUsage parameter.
    RESOURCE_GLOBALNET Enumerate all resources on the network.
    RESOURCE_REMEMBERED Enumerate all remembered (persistent) connections. The function ignores the dwUsage parameter.


    dwType
    [in] Specifies the resource types to enumerate. This parameter can be a combination of the following values. Value Meaning
    RESOURCETYPE_ANY All resources. This value cannot be combined with RESOURCETYPE_DISK or RESOURCETYPE_PRINT.
    RESOURCETYPE_DISK All disk resources.
    RESOURCETYPE_PRINT All print resources.


    If a network provider cannot distinguish between print and disk resources, it can enumerate all resources.

    dwUsage
    [in] Specifies the resource usage type to enumerate. This parameter can be a combination of the following values. Value Meaning
    0 All resources.
    RESOURCEUSAGE_CONNECTABLE All connectable resources.
    RESOURCEUSAGE_CONTAINER All container resources.
    RESOURCEUSAGE_ATTACHED Setting this value forces WNetOpenEnum to fail if the user is not authenticated. The function fails even if the network allows enumeration without authentication.
    RESOURCEUSAGE_ALL Setting this value is equivalent to setting RESOURCEUSAGE_CONNECTABLE, RESOURCEUSAGE_CONTAINER, and RESOURCEUSAGE_ATTACHED.


    This parameter is ignored unless the dwScope parameter is equal to RESOURCE_GLOBALNET. For more information, see the following Remarks section.

    lpNetResource
    [in] Pointer to a NETRESOURCE structure that specifies the container to enumerate. If the dwScope parameter is not RESOURCE_GLOBALNET, this parameter must be NULL.
    If this parameter is NULL, the root of the network is assumed. (The system organizes a network as a hierarchy; the root is the topmost container in the network.)

    If this parameter is not NULL, it must point to a NETRESOURCE structure. This structure can be filled in by the application or it can be returned by a call to the WNetEnumResource function. The
    NETRESOURCE structure must specify a container resource; that is, the RESOURCEUSAGE_CONTAINER value must be specified in the dwUsage parameter.

    To enumerate all network resources, an application can begin the enumeration by calling WNetOpenEnum with the lpNetResource parameter set to NULL, and then use the returned handle to call
    WNetEnumResource to enumerate resources. If one of the resources in the NETRESOURCE array returned by the WNetEnumResource function is a container resource, you can call WNetOpenEnum to open the
    resource for further enumeration.

    lphEnum
    [out] Pointer to an enumeration handle that can be used in a subsequent call to WNetEnumResource.
    Return Values
    If the function succeeds, the return value is NO_ERROR.

    If the function fails, the return value can be one of the following error codes.

    Value Meaning
    ERROR_NOT_CONTAINER The lpNetResource parameter does not point to a container.
    ERROR_INVALID_PARAMETER Either the dwScope or the dwType parameter is invalid, or there is an invalid combination of parameters.
    ERROR_NO_NETWORK The network is unavailable.
    ERROR_EXTENDED_ERROR A network-specific error occurred. To obtain a description of the error, call the WNetGetLastError function.
     
    robic0, Apr 3, 2006
    #8
  9. A. Sinan Unur wrote:
    > Of course, the easiest way to scan for available shares without having
    > to know their names is to browse the network neighborhood.


    Scary thought, indeed.
    I the organization where I am working that's tens of thousands of shares....

    jue
     
    Jürgen Exner, Apr 3, 2006
    #9
  10. Trick Kid

    Matt Garrish Guest

    "John Bokma" <> wrote in message
    news:Xns979A15F30285Fcastleamber@130.133.1.4...
    > "A. Sinan Unur" <> wrote:
    >
    >> "Dr.Ruud" <> wrote in
    >> news::
    >>
    >>> A. Sinan Unur schreef:
    >>>> Dr.Ruud:
    >>>>> Trick Kid:
    >>>
    >>>>>> I've figured out NetShareCheck to check if a network share is
    >>>>>> valid, but is there a way to scan a remote machine for ANY
    >>>>>> available network shares, even if you don't know the name?
    >>>>>
    >>>>> That depends on what you define as 'available'.
    >>>>
    >>>> Why make life easier for script kiddies?
    >>>
    >>> Why read it in that way?

    >>
    >> The original post contained nothing relevant to Perl
    >>
    >> Anybody with a little bit understanding of the Windows OS would have
    >> been able to figure out everything you pointed out.
    >>
    >> Of course, the easiest way to scan for available shares without having
    >> to know their names is to browse the network neighborhood.

    >
    > So uhm, yeah, big scriptkiddie alert!!! OMGzzzz!!!! I love ponies!!!
    > ROFLLLZzzz
    >


    I wondered what you could possibly contribute to this thread, and how
    surprised I am...

    Matt
     
    Matt Garrish, Apr 3, 2006
    #10
  11. Trick Kid

    Dr.Ruud Guest

    Jürgen Exner schreef:
    > A. Sinan Unur wrote:


    >> Of course, the easiest way to scan for available shares without
    >> having to know their names is to browse the network neighborhood.

    >
    > Scary thought, indeed.
    > I the organization where I am working that's tens of thousands of
    > shares....


    It is not difficult nor cumbersome to make and keep them secure. There
    are many good tools for that.

    But there is always more to it:
    google: beatrix limewire
    ;)

    --
    Affijn, Ruud

    "Gewoon is een tijger."
     
    Dr.Ruud, Apr 3, 2006
    #11
  12. Trick Kid

    robic0 Guest

    On Mon, 03 Apr 2006 08:44:39 GMT, "Jürgen Exner" <> wrote:

    >A. Sinan Unur wrote:
    >> Of course, the easiest way to scan for available shares without having
    >> to know their names is to browse the network neighborhood.

    >
    >Scary thought, indeed.
    >I the organization where I am working that's tens of thousands of shares....

    with 1 domain and 1 firewall
    >
    >jue
    >

    Lucky for you multi-threading was invented.
     
    robic0, Apr 3, 2006
    #12
  13. Trick Kid

    Trick Kid Guest

    Sorry, perhaps I should have explained myself better in the original
    post. I am developing a product as part of a university assignment.
    The product is to be written in Perl and provide NMAP-type
    functionality, plus more, in order to aid a network administrator in
    checking the security of a small LAN (50-100 users). One of the
    functions I would like to provide is the ability to scan a network for
    open, vulnerable network shares. Obviously this can be achieved from
    Network Neighbourhood but the aim is to incorporate the functionailty
    in an automated Perl process.

    Trust me, I'm not a script kiddie :)

    Any help would be really appreciated with this.

    Cheers
     
    Trick Kid, Apr 3, 2006
    #13
  14. "Trick Kid" <> wrote in news::

    > Sorry, perhaps I should have explained myself better in the original
    > post. I am developing a product as part of a university assignment.
    > The product is to be written in Perl and provide NMAP-type
    > functionality, plus more, in order to aid a network administrator in
    > checking the security of a small LAN (50-100 users). One of the
    > functions I would like to provide is the ability to scan a network for
    > open, vulnerable network shares. Obviously this can be achieved from
    > Network Neighbourhood but the aim is to incorporate the functionailty
    > in an automated Perl process.


    http://search.cpan.org/~gsar/libwin32-0.191/NetResource/NetResource.pm

    Especially:

    http://search.cpan.org/~gsar/libwin32-0.191/NetResource/NetResource.pm#EXAMPLE

    --
    A. Sinan Unur <>
    (remove .invalid and reverse each component for email address)

    comp.lang.perl.misc guidelines on the WWW:
    http://augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.html
     
    A. Sinan Unur, Apr 3, 2006
    #14
  15. Trick Kid

    robic0 Guest

    On Mon, 03 Apr 2006 14:50:47 GMT, "A. Sinan Unur" <> wrote:

    >"Trick Kid" <> wrote in news::
    >
    >> Sorry, perhaps I should have explained myself better in the original
    >> post. I am developing a product as part of a university assignment.
    >> The product is to be written in Perl and provide NMAP-type
    >> functionality, plus more, in order to aid a network administrator in
    >> checking the security of a small LAN (50-100 users). One of the
    >> functions I would like to provide is the ability to scan a network for
    >> open, vulnerable network shares. Obviously this can be achieved from
    >> Network Neighbourhood but the aim is to incorporate the functionailty
    >> in an automated Perl process.

    >
    >http://search.cpan.org/~gsar/libwin32-0.191/NetResource/NetResource.pm
    >

    hahahahahahahahahahaaaaaaaaaaaaaaaaaaa
    >Especially:
    >
    >http://search.cpan.org/~gsar/libwin32-0.191/NetResource/NetResource.pm#EXAMPLE
     
    robic0, Apr 3, 2006
    #15
  16. Trick Kid

    robic0 Guest

    On Mon, 03 Apr 2006 14:50:47 GMT, "A. Sinan Unur" <> wrote:

    >"Trick Kid" <> wrote in news::
    >
    >> Sorry, perhaps I should have explained myself better in the original
    >> post. I am developing a product as part of a university assignment.
    >> The product is to be written in Perl and provide NMAP-type
    >> functionality, plus more, in order to aid a network administrator in
    >> checking the security of a small LAN (50-100 users). One of the
    >> functions I would like to provide is the ability to scan a network for
    >> open, vulnerable network shares. Obviously this can be achieved from
    >> Network Neighbourhood but the aim is to incorporate the functionailty
    >> in an automated Perl process.

    >
    >http://search.cpan.org/~gsar/libwin32-0.191/NetResource/NetResource.pm
    >
    >Especially:
    >
    >http://search.cpan.org/~gsar/libwin32-0.191/NetResource/NetResource.pm#EXAMPLE


    You may even want to look at

    http://search.cpan.org/~jdb/libwin32-0.26
    and
    http://search.cpan.org/~jdb/libwin32-0.26/NetResource/NetResource.pm

    Either way, install the latest version. Try repository or update in ppm.
    I think theres only limited core win32, however, this lib may be in
    the distribution (5.8+ ?).

    You know M$hit, they overload api's frequently. When it finally melts down
    they declare entire groups of funcs obsolete (translation: its too fucked
    up to fix) then re-write from scratch with new names and formats. Its a
    feature.

    I wonder how ActiveState keeps up with winblow's sdk's? Little elves running
    around just before Christmas. Maybe thats why so little in the core. But hey,
    thats why there's still dword types in M$hit's api's. Its hard to hang your hat
    on api's.
     
    robic0, Apr 3, 2006
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chad
    Replies:
    4
    Views:
    571
    Thomas Weidenfeller
    Sep 12, 2003
  2. todd smith
    Replies:
    3
    Views:
    410
    Roger Upole
    Jan 20, 2004
  3. I.V. Aprameya Rao

    samba/windows shares

    I.V. Aprameya Rao, Dec 9, 2004, in forum: Python
    Replies:
    1
    Views:
    373
    =?ISO-8859-1?Q?Eino_M=E4kitalo?=
    Dec 10, 2004
  4. I.V. Aprameya Rao

    samba/windows shares

    I.V. Aprameya Rao, Dec 9, 2004, in forum: Python
    Replies:
    0
    Views:
    402
    I.V. Aprameya Rao
    Dec 9, 2004
  5. Replies:
    1
    Views:
    351
    David Bolen
    Dec 30, 2004
Loading...

Share This Page