Shares from Windows

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Shares from Windows

ubuntu-users mailing list
Just an observation

I was playing with shares on a mixed Windows & Ubuntu (flavours and
derivatives) home network.

Win to Win was troublesome but once I gave up on searching and just typed the
UNC of the Host (\\Host), all worked as expected (if not as advertised), all
normal shares were visible, next I tested using hidden shares, there they were
only viewable if the whole UNC (\\Host\hiddenshare$) was entered in address bar

(which is as it should be)

Now I tried the same thing from Bionic, I entered the bare Host UNC and nothing

found, then out of old habit I added smb: in front of the UNC even though I
have not installed Samba since a fresh install Xenial > Bionic, all the shares
were then viewable normal & hidden

Really glad I long ago disabled & removed the default hidden share(s) Admin$,
C$, D$ etc from all my M$ boxes, I will now have to remember to remove all
shares after use



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

Liam Proven
Comments re-ordered for clarity...


On Mon, 22 Oct 2018 at 08:22, Grizzly via ubuntu-users
<[hidden email]> wrote:

> Win to Win was troublesome
[...]

I think that this is *because* you did this:

> Really glad I long ago disabled & removed the default hidden share(s) Admin$,
> C$, D$ etc from all my M$ boxes, I will now have to remember to remove all
> shares after use

> found, then out of old habit I added smb: in front of the UNC even though I
> have not installed Samba since a fresh install Xenial > Bionic, all the shares
> were then viewable normal & hidden

"SMB" does not mean or equate to "Samba".

SMB is the name of MS' file-sharing protocol.
https://en.wikipedia.org/wiki/Server_Message_Block

 SaMBa is so-called because it implements SMB on Linux.

You only need Samba if you want to mount and use SMB shares at the
console, without a GUI.

GNOME-based (and AFAIK KDE) desktops implement their _own_ SMB support
at GUI level and do not need Samba to view or mount SMB shares.

Apple macOS also no longer uses Samba and it too can mount SMB shares,
using the smb:// protocol header.


--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

ubuntu-users mailing list
22 October 2018  at 12:10, Liam Proven wrote:
Re: Shares from Windows (at least in part)

>Comments re-ordered for clarity...

>On Mon, 22 Oct 2018 at 08:22, Grizzly via ubuntu-users
><[hidden email]> wrote:

>> Win to Win was troublesome
>[...]

>I think that this is *because* you did this:

Win-to-Win shares were always troublesome, even before I found out about the
(ever growing) list of "Hidden" shares that M$ set up by default, it got worse
IMO with each new release of Windows,

BUT my main point was that the hidden share(s) I had made were visable as soon
as I had entered smb:\\HostName, which is not a fault with Ubuntu but a
security hole on Windows end?, I have not (as yet) tested if this holds true
for later Windows (8.1 & 10) but does on Win 7 & I expect XP (not got Vista
anywhere so ...)  

>> Really glad I long ago disabled & removed the default hidden share(s) Admin$,
>> C$, D$ etc from all my M$ boxes, I will now have to remember to remove all
>> shares after use

>> found, then out of old habit I added smb: in front of the UNC even though I
>> have not installed Samba since a fresh install Xenial > Bionic, all the shares
>> were then viewable normal & hidden

>"SMB" does not mean or equate to "Samba".

Thank you, I stand corrected, the only time I had a call to use smb: before was
when I did have Samba installed, and IIRC smb: was in the instructions, given I
only really need to read Win from Linux not the other way, I'm sorted

>SMB is the name of MS' file-sharing protocol.
>https://en.wikipedia.org/wiki/Server_Message_Block

> SaMBa is so-called because it implements SMB on Linux.

>You only need Samba if you want to mount and use SMB shares at the
>console, without a GUI.

>GNOME-based (and AFAIK KDE) desktops implement their _own_ SMB support
>at GUI level and do not need Samba to view or mount SMB shares.

>Apple macOS also no longer uses Samba and it too can mount SMB shares,
>using the smb:// protocol header.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

Liam Proven
On Mon, 22 Oct 2018 at 13:17, Grizzly via ubuntu-users
<[hidden email]> wrote:

>
> 22 October 2018  at 12:10, Liam Proven wrote:
> Re: Shares from Windows (at least in part)
>
> >Comments re-ordered for clarity...
>
> >On Mon, 22 Oct 2018 at 08:22, Grizzly via ubuntu-users
> ><[hidden email]> wrote:
>
> >> Win to Win was troublesome
> >[...]
>
> >I think that this is *because* you did this:
>
> Win-to-Win shares were always troublesome, even before I found out about the
> (ever growing) list of "Hidden" shares that M$ set up by default, it got worse
> IMO with each new release of Windows,

Troublesome why or how?

They are part of the infrastructure of Windows NT and used in
Windows-to-Windows comms, domains, management etc. They've been there
ever since NT first appeared; I deployed NT 3.1 in production, the
first ever release.

Leave them alone! If you remove them, yes, things will break.

They're only available to administrators, and your normal login
shouldn't be one, meaning that they should be inaccessible anyway.

> BUT my main point was that the hidden share(s) I had made were visable as soon
> as I had entered smb:\\HostName, which is not a fault with Ubuntu but a
> security hole on Windows end?, I have not (as yet) tested if this holds true
> for later Windows (8.1 & 10) but does on Win 7 & I expect XP (not got Vista
> anywhere so ...)

There are a number of conventions in Windows just as there are in Unix.

In Unix, for example, due to an intentional code shortcut -- basically
a bug -- very early on, files whose names began with a dot were
invisible.

https://plus.google.com/+RobPikeTheHuman/posts/R58WgWwN9jp

https://linux-audit.com/linux-history-how-dot-files-became-hidden-files/

This proved both useful and problematic but it's remained and now it's
permanent.

Similarly, in Windows, a share whose name ends in a dollar sign won't be listed.

https://stackoverflow.com/questions/448371/why-are-these-folders-share-names-appended-with-dollar-signs

They are also meant to be admin-only accessible.

Linux does not respect this and shows them. The same as Linux shows
hidden files on Windows filesystems, lets you delete R/O files on an
NTFS, and so on. It's useful.


--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

Compdoc@hotrodpc.com
In reply to this post by ubuntu-users mailing list
Doing all that each time you install windows or whatever, I can see why
someone would hate Windows. That's too much work.

Just install Windows and use it. Don't try to out-engineer the engineers.


On 10/22/18 12:19 AM, Grizzly via ubuntu-users wrote:
> Really glad I long ago disabled & removed the default hidden share(s) Admin$,
> C$, D$ etc from all my M$ boxes, I will now have to remember to remove all
> shares after use
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

ubuntu-users mailing list
In reply to this post by Liam Proven
22 October 2018  at 15:16, Liam Proven wrote:
Re: Shares from Windows (at least in part)

>They are part of the infrastructure of Windows NT and used in
>Windows-to-Windows comms, domains, management etc. They've been there
>ever since NT first appeared; I deployed NT 3.1 in production, the
>first ever release.

>Leave them alone! If you remove them, yes, things will break.

AFAICT only third party (remote admin) software that wants root access will
surly break, I could be wrong only time will tell

>They're only available to administrators, and your normal login

Anyone with physical access to "a" machine on the network in question can with
little work be an admin

>shouldn't be one, meaning that they should be inaccessible anyway.

Well not so

If

1) you know (or can ping for) the ip of the target windows machine, (I went
back to test and it was the ip I used) the hostname is not required

2) you know the Homegroup name, which may be the hardist part (if it was not
left as WORKGROUP)

3) you have a valid login on Ubuntu (normal sudo level not even root)

all the hidden shares are visible, not sure what happens with a mounted
TrueCrypt volume? I don't have one at hand to test



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

ubuntu-users mailing list
In reply to this post by Compdoc@hotrodpc.com
22 October 2018  at 13:55, compdoc wrote:
Re: Shares from Windows (at least in part)

>Doing all that each time you install windows or whatever, I can see why
>someone would hate Windows. That's too much work.

It's not hard to remove them, (do this once)

Net share Admin$ /delete
Net share C$ /delete

And a Registry entry to stop them beening remade

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000

>Just install Windows and use it. Don't try to out-engineer the engineers.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

Liam Proven
In reply to this post by ubuntu-users mailing list
On Mon, 22 Oct 2018 at 17:29, Grizzly via ubuntu-users
<[hidden email]> wrote:

> AFAICT only third party (remote admin) software that wants root access will
> surly break, I could be wrong only time will tell

You have _already posted_ an example of what's gone wrong!

> Anyone with physical access to "a" machine on the network in question can with
> little work be an admin

If they have physical access to it then network shares don't matter
any more than a fart in a hurricane, now do they?


--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Shares from Windows

ubuntu-users mailing list
23 October 2018  at 10:18, Liam Proven wrote:
Re: Shares from Windows (at least in part)

>On Mon, 22 Oct 2018 at 17:29, Grizzly via ubuntu-users
><[hidden email]> wrote:

>You have _already posted_ an example of what's gone wrong!

Not sure anything was wrong as such, just not as expected and or advertised
(call me nieve)

>> Anyone with physical access to "a" machine on the network in question can with
>> little work be an admin

>If they have physical access to it then network shares don't matter
>any more than a fart in a hurricane, now do they?

I think we got a bit off my first point, and I have tested to see "IF"
replacing (undo the reg setting that stops them) the default shares makes them
secure (to other than afmins) and no it didn't but I did learn something, I was
wrong in a previous post, where I said you only need
1) the ip
2) the workgroup name
3) a Ubuntu valid login (Username & Password)

I got courious about a LiveUSB, and found that the only thing you NEED is
number 1

I booted the USB, clicked "connect to server" left the defaults in place
User = ubuntu
Domain = WORKGROUP
Password = anything at all (but not blank)

and low and behold all shares on the target where visible,
if I wanted to move down the structure I had to reenter the same settings as
above, then I was able to read anything

So for now I will keep the default shares off my M$ boxes, that way only the  
shares I want to have are visible

This may all be tighter on Win10, but as I won't be going there on my own
machines, I'll have to wait until a client with Win10 has a problem (wont take
long ;->)

Note:- nowhere on my network (other than on the LiveUSB itself) is there
a user called ubuntu
a Domain/WorkGroup called WORKGROUP
and the passwords I tested with don't exist anywhere



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users