[feature request] Invoke-ShareFinder equivalent in impacket #1176

Closed
CaledoniaProject opened this issue Oct 6, 2021 · 7 comments

Comments

@CaledoniaProject
Contributor

Is anyone interested in creating an equivalent of this Invoke-ShareFinder script? Looks quite useful to me.

P.S.: please consider adding a Feature Request to your bug report template.

@p0dalirius
Contributor

@CaledoniaProject I just implemented it: https://github.com/p0dalirius/FindUncommonShares

Best regards,
Podalirius

@CaledoniaProject
Contributor Author

CaledoniaProject commented Oct 6, 2021

@p0dalirius Hi there!

Invoke-ShareFinder is capable of finding all shares in a domain, but FindUncommonShares targets a specific computer only.

Invoke-ShareFinder first launches an LDAP query to find all computers, then enumerates all the shares on the target computer. Can you add this logic?

@p0dalirius
Contributor

@CaledoniaProject Yes I can :) I'll add this in the next few days :)

@p0dalirius
Contributor

@CaledoniaProject It's done now :)

@CaledoniaProject
Contributor Author

Environment:

  1. Linux CentOS 7 with Python 3.6 and impacket installed with pip (not GitHub)
  2. Windows 2016 DC (10.10.10.20)
  3. Windows 2016 Exchange (10.10.10.21)
  4. Windows 2016 SRV1 (10.10.10.22)
  5. Windows 2016 SRV2 (10.10.10.23), TESTNET\lowpriv is in the local administrator group

On Linux it got stuck, and no result was available:

```
[root@XXX FindUncommonShares-main]# time python3 FindUncommonShares.py --dc-ip 10.10.10.20 -u lowpriv -p XXX -d testnet.com -debug
Impacket v0.9.23 - Copyright 2021 SecureAuth Corporation

[+] Impacket Library Installation Path: /usr/local/lib/python3.6/site-packages/impacket
[>] Extracting all computers ...
[+] Found 4 computers.
[>] Enumerating shares ...

real	4m1.491s
user	0m0.573s
sys	0m0.148s
```

On Windows the result is instantly available:

```
PS C:\Users\lowpriv\Desktop> Invoke-ShareFinder
\\Exchange.testnet.com\address  -
\\Exchange.testnet.com\ADMIN$   - Remote Admin
\\Exchange.testnet.com\C$       - Default share
\\Exchange.testnet.com\IPC$     - Remote IPC
\\SRV1.testnet.com\ADMIN$       - Remote Admin
\\SRV1.testnet.com\C$   - Default share
\\SRV1.testnet.com\CertEnroll   - Active Directory Certificate Services share
\\SRV1.testnet.com\IPC$         - Remote IPC
\\SRV1.testnet.com\share        -
\\DC-01.testnet.com\ADMIN$      - Remote Admin
\\DC-01.testnet.com\C$  - Default share
\\DC-01.testnet.com\IPC$        - Remote IPC
\\DC-01.testnet.com\NETLOGON    - Logon server share
\\DC-01.testnet.com\SYSVOL      - Logon server share
\\SRV2.testnet.com\ADMIN$       - Remote Admin
\\SRV2.testnet.com\C$   - Default share
\\SRV2.testnet.com\IPC$         - Remote IPC
PS C:\Users\lowpriv\Desktop>
```

@p0dalirius
Contributor

p0dalirius commented Oct 7, 2021

@CaledoniaProject you can open an issue in my project if you want.

I think it was a DNS issue in your case. My latest commit should solve the problem since I perform DNS lookups directly from the domain controller in the script.

@CaledoniaProject
Contributor Author

CaledoniaProject commented Oct 7, 2021

I confirm this issue is resolved. I will report further problems in your repo instead, thanks p0dalirius!
