The Sec-1 ShareCheck tool was designed for use during penetration tests against Microsoft Windows based networks. The aim of ShareCheck is to quickly identify configuration vulnerabilities that could be exploited to gain unauthorised access to systems and data without using aggressive exploit techniques.
ShareCheck helps identify the following vulnerabilities:
Use of non standard local administrator accounts
A common configuration weakness encountered during penetration testing engagements is the existence of a non-standard local administrator account. Quite commonly these account were never actually intended to be used but rather a temporary solution to perform a test or administrative task. Unmaintained accounts will frequently be configured with a weak password and can be easily compromised local administrator control of a given host.
Windows File Sharing Vulnerabilities
Windows file sharing permissions are based on the popular Discretionary Access Control (DAC) model, this essentially means that the owner of the resource uses his or her discretion when deciding who should be permitted access. Access is granted to either an individual user or a group of users, unfortunately file shares are rarely configured with security as a top priority and the course of least resistance is often applied. Vulnerabilities commonly arise when access to a confidential resource is granted to a group containing users who should not permitted to access it, or generalised group such as “Everyone” has erroneously been included.
General global groups granted local administrator access
General groups such as the default “Domain Users” group can often be granted local administrator control of a given host for one reason or another. ShareCheck can be configured to flag hosts that grant administrator control to global groups containing a given number of users.
Insecure account lockout threshold
ShareCheck will flag hosts that do not enforce an account lockout policy. Hosts that are excluded from the Domain Policy can be easy targets for the attacker.
ScreenShot: Sharecheck Report
Download Here: sharecheck