-
Notifications
You must be signed in to change notification settings - Fork 2
Module shares
The shares
module offers precisely what it states: a view of the network shares available on a host through SMB, and if the user can read them. It also lists the name of the first-level files and directories. In the case where the count of items exceeds __MAX_SHARE_LIST_ITEMS
(currently 30), a total of files and directories will be reported instead.
A typical use of this module is to identify potential targets where sensitive information may be found.
At the moment, this module does not report whether a share is writable or not, due to the fact that the easiest method to find out is by writing to a share; however this has a significant caveat: a user may have write access but not delete, resulting in an item that cannot be deleted.
The mindset of this tool is to avoid disrupting operations and polluting environments as much as possible, and therefore will avoid any case that have a strong possibility of doing so.
One may explore the idea of parsing ACEs through the Authz API queryable via MS-RAA, but may have to channel the Great Old Ones in order to master the dark arts.