| Name | Windows Admin Shares with Stolen Credentials |
| Summary | Windows systems have hidden network shares that are only accessible to administrators and allow files to be written to the local computer. Example network shares include: C$, ADMIN$ and IPC$. Adversaries may use valid administrator credentials to remotely access a network share to transfer files and execute code. It is possible for adversaries to use NTLM hashes to access administrator shares on systems with certain configuration and patch levels. |
| Prerequisites | |
| Solutions | Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness such that the passwords cannot be cracked or guessed. Deny remote use of local admin credentials to log into systems. Do not allow accounts to be a local administrator on more than one system. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-522 | Insufficiently Protected Credentials |
|
