I revisit this 'hack' a lot because the problem only seems to be getting worse. It's the issue of sensitive information stored in an unprotected fashion on server shares accessible to anyone on the network -- typically in 'public' folders. My theory on why this problem is getting worse is that network administrators have so much information to manage and their users are doing so many careless things with their files, it's seemingly impossible to get your hands around the problem. That's still no excuse in the regulators' eyes. Here's what can happen:
- A network user with standard domain rights (or a hacker who's obtained their authentication information) scans the network for shares. A great tool for this is
- LANguard Network Security Scanner or some other tool that's freely available.
- He finds shares and literally tries to connect to them one by one to see what he can see.
- He realizes that there's so many files to sift through and decides to use the Windows Explorer search function -- or better yet -- a faster and more powerful tool such as Effective File Search or File Locator Pro to root out sensitive information.
- He simply runs his tool searching for .doc, .xls, .txt, .pdf and similar files containing text strings such as 'ssn', 'dob', 'license', and so forth. He'll undoubtedly find dozens if not hundreds or thousands of files containing the information he's looking for.
- He copies the information and then uses it against the victim via identity fraud, etc.
Again, test this for yourself and you'll see what I'm talking about. It doesn't matter what tool you use as long as you search for the right type of documents and the right text strings. The more the better.
If your file servers are publicly-accessible (heaven forbid, but I see it every now and then), there are various things an attacker can do with Google queries to root out sensitive server information as I outlined in my "How to Google hack Windows servers" tip. To test this for yourself I recommend using SiteDigger or Acunetix's Web Vulnerability Scanner that has a Google hacks scanning feature.
Hacking file servers
Step 1: Exploiting a missing patch
Step 2: Sniffing the network for juicy info
Step 3: Stumbling across sensitive files
Step 4: Executing related hacks that indirectly affect file servers
|ABOUT THE AUTHOR:|
|Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ principlelogic.com. Copyright 2006 TechTarget|
This was first published in September 2006