FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
Home Page: https://podalirius.net/
Hello - just a suggestion to update the readme as the command line has changed significantly. While, yes, most can read the help man page, it's useful to have the read me updated for accessibility. Thanks!
Can you add an option to filter access rights? e.g --readable / --writable
The DC is close ldap,cant get computers,but I have computers ip list in IP.txt,How do I operate
Can you an argument to support custom dnsserver instead of dc-ip? Also, please print something when DNS resolve failed. Right now I had to modify the script to make it work.
Can you also check whether it's readable anonymously or accessible by current user?
Hi!
I'll like to suggest changing slightly the color schema for the access types:
access:
access:
access:
I you like, I can make the changes and submit a pull request.
Can you take a look at this? https://github.com/fortra/impacket/blob/master/examples/smbexec.py#L378
All impacket scripts use something like user:pass@domain to specify the clear-text credentials, but your script splits it into 3 arguments.
[>] Extracting all computers ...
[+] Found 0 computers in the domain.
[>] Enumerating shares ...
Traceback (most recent call last):
File "./FindUncommonShares.py", line 648, in <module>
with ThreadPoolExecutor(max_workers=min(options.threads, len(computers.keys()))) as tp:
File "/usr/lib64/python3.6/concurrent/futures/thread.py", line 104, in __init__
raise ValueError("max_workers must be greater than 0")
ValueError: max_workers must be greater than 0
Ran into this issue today where nothing was resolving. While troubleshooting I added the target_name to the --debug output to help. Figured someone else may find it useful as well. Pull request incoming. Trash it if you don't think it's useful. :)
python3 FindUncommonShares.py -u administrator -p 'REDACTED' --dc-ip 192.168.1.20 --debug
FindUncommonShares v3.0 - by @podalirius_
[>] Extracting all computers ...
[+] Found 7 computers in the domain.
[>] Enumerating shares ...
[!] Could not resolve user.lab.local
[>] Skipping common share 'ADMIN$' on 'ws01.lab.local' (comment: 'Remote Admin')
[>] Skipping common share 'C$' on 'ws01.lab.local' (comment: 'Default share')
[>] Skipping common share 'IPC$' on 'ws01.lab.local' (comment: 'Remote IPC')
[>] Found 'Temp' on 'ws01.lab.local'
[>] Skipping common share 'ADMIN$' on 'dc01.lab.local' (comment: 'Remote Admin')
[>] Skipping common share 'C$' on 'dc01.lab.local' (comment: 'Default share')
[>] Skipping common share 'IPC$' on 'dc01.lab.local' (comment: 'Remote IPC')
[>] Skipping common share 'NETLOGON' on 'dc01.lab.local' (comment: 'Logon server share ')
[>] Skipping common share 'SYSVOL' on 'dc01.lab.local' (comment: 'Logon server share ')
[+] Bye Bye!
Please add the comment field to your output. Currently only the folder name and server name is displayed.
I would like to run this script on servers, can you add a ldap filter to do that? e.g (operatingSystem=*Windows Server*)
Right now I had to modify the hardcoded ldap query.
When using certain flags, such as --ignore-hidden-shares or --readable, the exported output file does not seem to adhere to the specified filters. For instance, as demonstrated in the attached image, despite activating the --ignore-hidden-shares and --readable flags, the output includes all shares. This includes shares to which I lack read access, and hidden shares like C$. Is this the intended behavior?
Can you take a look at this one and add a "writable" access check?
https://github.com/Porchetta-Industries/CrackMapExec/blob/master/cme/protocols/smb.py#L734
FindUncommonShares/FindUncommonShares.py
Line 419 in 227183f
Running FindUncommonShares.py with password-based authentication results in an authentication invalid error due to the logic in the sectools/windows/ldap.py library. Currently, the condition check on line 169 of the ldap.py library gets triggered when no hashes are supplied to FindUncommonShares.py because the nthash and lmhash variables are passed as empty strings instead of 'None' type.
Removing the condition checks for nthash is not None and lmhash is not None in line 169 of the ldap.py library resolves the issue but I'm not sure if these conditions should be kept.
Running FindUncommonShares.py after removing the two conditional checks mentioned above results in the tool running as expected.
FindUncommonShares v3.2 - by @podalirius_
[+] No password of hashes provided and --no-pass is 'False'
Traceback (most recent call last):
File "/workspace/./f.py", line 891, in <module>
options = parseArgs()
^^^^^^^^^^^
File "/workspace/./f.py", line 479, in parseArgs
options.auth_password = getpass(" | Provide a password for '%s\\%s':" % (options.auth_domain, options.auth_username))
^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Namespace' object has no attribute 'auth_username'. Did you mean: 'auth_user'?
Hi,
Thank you for this tool!
I am trying to authenticate using a NT hash but for unknown reasons I am unable to format my command in a way this tool accepts. I have tried different syntax but so far none works. Including the one that is outputted in the the error message (which does not make sence). What is the correct syntax? If this is a bug, perhaps Kerberos authentication should be verified as well.
Can you add an option to customize COMMON_SHARES variable? Sometimes I would like to keep C$.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.