Most Windows administrators have used “hidden shares” from time to time.
net use * \\computer\c$” gives you a share, if you have access, to the C: drive on the named computer.
Occasionally, someone will suggest that hidden shares are a great security measure, allowing you to create shares that are inaccessible to anyone who doesn’t know the mystic magic incantation. Okay, so C$ and D$ are obvious, but ABRACADABRA$, who’s going to know that exists?
For a while, it’s been demonstrated by a number of my favourite security tools – Jesper Johansson, Mark Russinovich (or rather, the tools these security tool gurus wrote) – that these hidden shares are really hidden by the client.
Yes, hidden by the client. That means that when your program enumerates the shares on a remote server, all the shares, including the hidden ones, come back in the list of shares, and the clients choose whether to display them all or hide the ones with a dollar sign at the end.
I am reminded of the Ravenous Bugblatter Beast of Traal.
Clearly, someone at Microsoft got as sick as I do of having to face people who say “ah, but only the really clever hackers will have access to those tools” (forgetting, conveniently, that I have access to the tools, so it’s really not that special).
In Windows Vista, you can now see all the hidden shares by running the single command “
net view \\computer /all“:
Doubtless someone will say what a horrible stupid and generally bad-for-security thing this is that Microsoft has done, because it now means that everyone can see all your hidden shares.
Me? I think it’s about time that people stopped hiding stuff in ways that require the client to be well behaved in order for them to stay hidden. I plan to include “net view \\computer /all” in my toolkit for scaring the unwary and the unwise into taking real security measures rather than covering everything in their security blanket.