Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-643:Identify Shared Files/Directories on System
Attack Pattern ID:643
Version:v3.9
Attack Pattern Name:Identify Shared Files/Directories on System
Abstraction:Detailed
Status:Draft
Likelihood of Attack:Medium
Typical Severity:Medium
DetailsContent HistoryRelated WeaknessesReports
▼Description
An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ChildOfS309Network Topology Mapping
CanPrecedeM165File Manipulation
CanPrecedeS545Pull Data from System Resources
CanPrecedeD561Windows Admin Shares with Stolen Credentials
Nature: ChildOf
Type: Standard
ID: 309
Name: Network Topology Mapping
Nature: CanPrecede
Type: Meta
ID: 165
Name: File Manipulation
Nature: CanPrecede
Type: Standard
ID: 545
Name: Pull Data from System Resources
Nature: CanPrecede
Type: Detailed
ID: 561
Name: Windows Admin Shares with Stolen Credentials
▼Execution Flow
▼Prerequisites
The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).
▼Skills Required
Low

Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line. The adversary, or their malware, can simply employ a set of commands that search for shared drives on the system (e.g., net view \\remote system or net share).

▼Resources Required
None: No specialized resources are required to execute this type of attack.
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
ConfidentialityN/ARead DataThe adversary is potentially able to identify the location of sensitive information or lateral pathways through the network.
Scope: Confidentiality
Likelihood: N/A
Impact: Read Data
Note: The adversary is potentially able to identify the location of sensitive information or lateral pathways through the network.
▼Mitigations
Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using allowlist tools.
▼Example Instances
▼Related Weaknesses
IDName
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-267Privilege Defined With Unsafe Actions
ID: CWE-200
Name: Exposure of Sensitive Information to an Unauthorized Actor
ID: CWE-267
Name: Privilege Defined With Unsafe Actions
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1135Network Share Discovery
Taxonomy Name: ATTACK
Entry ID: 1135
Entry Name: Network Share Discovery
▼Notes
▼References
Details not found