Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

nessuscmd Tip: Finding Open SMB File Shares

Penetration testers spend a lot of time searching for software vulnerabilities, such as buffer overflows or SQL injection. However, there are many other ways in which networks and systems can present vulnerabilities. Open SMB file shares can disclose sensitive information about an organization: I've found everything from student grades to bank account numbers using this technique. A great way to check for the presence of open SMB shares is to run a quick Nessus scan from the command line as follows:

# ./nessuscmd -U -p139,445 -V -i 10396 192.168.1.0/24

The flags used in this command perform the following functions:

nessuscmd Option Description
-U Disable safe checks
-p139,445 Limit the scan to TCP ports 139 and 445
-V Force nessuscmd to print the full plugin output
-i 10396 Define the plugin ID (In this case plugin id 10396, "SMB shares access")

This will result in the following output:

+ Results found on 192.168.10.230 :
- Port netbios-ssn (139/tcp) is open
- Port microsoft-ds (445/tcp) is open
[!] Plugin ID 10396
|
| Synopsis :
|
| It is possible to access a network share.
|
| Description :
|
| The remote has one or many Windows shares that can be accessed
| through the network with the given credentials.
| Depending on the share rights, it may allow an attacker to
| read/write confidential data.
|
| Solution :
|
| To restrict access under Windows, open the explorer, do a right
| click on each shares, go to the 'sharing' tab, and click on
| 'permissions'.
|
| Risk factor :
|
| High / CVSS Base Score : 7.5
| (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
| Plugin output :
|
| The following shares can be accessed as nessus6804946061421403042121321
| 621 :
|
| - backup  - (readable,writable)
|   + Content of this share :
| ..
| CreditApplication_Fax.pdf
| Payroll_2009.xls
| Invoice10001.doc

This is a great script to run on a regular basis, or in an ad-hoc fashion, to keep tabs on what file shares are exposed in your environment and what information is available. Nessus ProfessionalFeed subscribers can also perform a sensitive data audit of files and documents located on Windows computers. Tenable offers mulitple audit polices which scan files for credit cards, adult media, financial spread sheets and much more.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.