Name Windows Admin Shares with Stolen Credentials
Summary Windows systems have hidden network shares that are only accessible to administrators and allow files to be written to the local computer. Example network shares include: C$, ADMIN$ and IPC$. Adversaries may use valid administrator credentials to remotely access a network share to transfer files and execute code. It is possible for adversaries to use NTLM hashes to access administrator shares on systems with certain configuration and patch levels.
Solutions Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness such that the passwords cannot be cracked or guessed. Deny remote use of local admin credentials to log into systems. Do not allow accounts to be a local administrator on more than one system.
Related Weaknesses
CWE ID Description
CWE-522 Insufficiently Protected Credentials
Back to Top