CoCalc -- enum_shares.md

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/post/windows/gather/enum_shares.md
Views: ¹⁹⁰⁴

Vulnerable Application

This module will enumerate configured and recently used file shares.

Verification Steps

Start msfconsole
Get a session
Do: use post/windows/gather/enum_shares
Do: set SESSION <session id>
Do: run

Options

CURRENT

Enumerate currently configured shares (default: true)

RECENT

Enumerate recently mapped shares (default: true)

ENTERED

Enumerate recently entered UNC Paths in the Run Dialog (default: true)

Scenarios

Windows Server 2008 (x64)

msf6 > use post/windows/gather/enum_shares
msf6 post(windows/gather/enum_shares) > set session 1
session => 1
msf6 post(windows/gather/enum_shares) > run

[*] Running module against WIN-17B09RRRJTG (192.168.200.218)
[*] The following shares were found:
[*] 	Name: SYSVOL
[*] 	Path: C:\Windows\SYSVOL\sysvol
[*] 	Remark: Logon server share 
[*] 	Type: DISK
[*] 
[*] 	Name: NETLOGON
[*] 	Path: C:\Windows\SYSVOL\sysvol\corp.local\SCRIPTS
[*] 	Remark: Logon server share 
[*] 	Type: DISK
[*] 
[*] Recent mounts found:
[*] 	\\127.0.0.1\C$
[*] 
[*] Recent UNC paths entered in Run dialog found:
[*] 	\\10.1.1.100\
[*] 	\\127.0.0.1\C$
[*] 
[*] Post module execution completed