Problem solve Get help with specific problems with your technologies, process and projects.

Step 3: Stumbling across sensitive files

File servers hold much of an enterprise's sensitive data and are certainly a prime target of malicious hackers. Security testing expert Kevin Beaver says you'd be surprised how easy it is to attack these servers, from inside or outside the network. Kevin outlines some of these techniques in this step-by-step guide.

I revisit this 'hack' a lot because the problem only seems to be getting worse. It's the issue of sensitive information stored in an unprotected fashion on server shares accessible to anyone on the network -- typically in 'public' folders. My theory on why this problem is getting worse is that network administrators have so much information to manage and their users are doing so many careless things with their files, it's seemingly impossible to get your hands around the problem. That's still no excuse in the regulators' eyes. Here's what can happen:

  1. A network user with standard domain rights (or a hacker who's obtained their authentication information) scans the network for shares. A great tool for this is LANguard Network Security Scanner or some other tool that's freely available.
  2. He finds shares and literally tries to connect to them one by one to see what he can see.
  3. He realizes that there's so many files to sift through and decides to use the Windows Explorer search function -- or better yet -- a faster and more powerful tool such as Effective File Search or File Locator Pro to root out sensitive information.
  4. He simply runs his tool searching for .doc, .xls, .txt, .pdf and similar files containing text strings such as 'ssn', 'dob', 'license', and so forth. He'll undoubtedly find dozens if not hundreds or thousands of files containing the information he's looking for.
  5. He copies the information and then uses it against the victim via identity fraud, etc.

Again, test this for yourself and you'll see what I'm talking about. It doesn't matter what tool you use as long as you search for the right type of documents and the right text strings. The more the better.

If your file servers are publicly-accessible (heaven forbid, but I see it every now and then), there are various things an attacker can do with Google queries to root out sensitive server information as I outlined in my "How to Google hack Windows servers" tip. To test this for yourself I recommend using SiteDigger or Acunetix's Web Vulnerability Scanner that has a Google hacks scanning feature.

Hacking file servers

 Home: Introduction
 Step 1: Exploiting a missing patch
 Step 2: Sniffing the network for juicy info
 Step 3: Stumbling across sensitive files
 Step 4: Executing related hacks that indirectly affect file servers
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ Copyright 2006 TechTarget

Dig Deeper on Windows Server troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.