Simple but dreadful, part 2 - Network shares
It would be impossible to write about low-hanging fruit without mentioning network shares. I say it because they are usually my favorite path to elevate privileges when I'm performing a penetration test. Among stuff that I've already found on unprotected (I mean, Everyone - Full Control) shares are:

- Source code for critical applications
- Configuration files of applications containing database credentials (VERY COMMON)
- Configuration files of applications containing Administrator level credentials for servers (service passwords!)
- Debug logs containing a lot of sensitive information and even user credentials (SMS logs!)
- Network and systems documentation (Lots of Visio diagrams)
- Personal private information (Human Resources stuff)

Network shares appear and grow on the network like
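
A defender-side check for the "Everyone - Full Control" condition described above, as an added example that is not part of the original post: it lists the non-administrative SMB shares on a file server where a broad group can write at the share level, and marks those where the folder ACL allows it too. The list of broad principals and the output columns are assumptions.

```powershell
# Added example (not from the original post). Run elevated on the file server under review.
# Assumption: these principals are treated as "anyone on the network"; adjust for your domain
# and for localized account names.
$broad  = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
$modify = [System.Security.AccessControl.FileSystemRights]::Modify

$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special -and $_.Path }) {
    # Share-level permissions: Allow entries granting Full or Change to a broad principal.
    $shareHits = @(Get-SmbShareAccess -Name $share.Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Full', 'Change' -and
        $_.AccountName -in $broad
    })
    if (-not $shareHits) { continue }

    # NTFS permissions on the share root. Effective access over the network is the more
    # restrictive of the share permissions and the NTFS ACL, so both layers are checked.
    $ntfsHits = @()
    if (Test-Path -LiteralPath $share.Path) {
        $ntfsHits = @((Get-Acl -LiteralPath $share.Path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $modify) -eq $modify -and
            $_.IdentityReference.Value -in $broad
        })
    }

    [pscustomobject]@{
        Share       = $share.Name
        Path        = $share.Path
        ShareGrants = ($shareHits | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
        NtfsGrants  = ($ntfsHits | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
        Exposed     = [bool]$ntfsHits.Count   # true when both layers allow broad write access
    }
}

# Shares open at both layers are listed first.
$findings | Sort-Object Exposed -Descending | Format-Table -AutoSize -Wrap
```

Only the ACL on the share root is inspected; subfolders with their own explicit permissions need a separate recursive review.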