shareenum.py

shareenum.zip

During an audit I needed a tool to enumerate the permissions for all shared file ressources within a large client network. Although there are several tools to enumerate client shares (e.g. nmap), I have found none for enumerating the permissions in detail.

The python script is basically a wrapper for "rpcclient" from the samba client package. This is not an attack tool, you will need to have proper administrative rights to read the share permissions (see line "RPCCommand = ..." in the source). In addition to enumerating the share permissions, the script also enumerates the local groups (e.g. local administrators).

 


 

Example log file content:

10.0.0.1  netshareenum  netname: SecretShare  remark: (null)  path: C:\  password: (null) ...
10.0.0.1  netsharegetinfo  netname: SecretShare ... Permissions: 0x1f01ff: ... SID: S-1-1-0:\Everybody ...
10.0.0.1  querydominfo  Domain: PC01  Server: ...
10.0.0.1  enumalsgroups_builtin  group:[Administrators] rid:[0x220]  group:[Backup Operators] rid:[0x227]...
10.0.0.1  queryaliasmem 0x220 S-...-500:PC01\Administrator  S-...-...:DOM\SecretAdmin