the hackers can take advantage over the default hidden share present in windows box specifically the IPS$ share, ( IPC - Inter Process Connect ), here the attacker can exploit this just by using the ‘net use’ command that is shiped with the windows machine itself, they will juts use the ‘net use ‘ command and will establish a remote connection via IPC$ and once done, they can remotely create user account on the compromised box and can establish a telnet connection and can easily root the box.

have it disabled, read it here on how to disable weindex.blogspot.com/2009/01/remove-hidden-shares-from-win32-boxes.html

Reply