Accessing Hidden Shares

May 22, 2005 at 06:04:05
Specs: WinXP Pro, n/a

In the Administrative Tools Computer Management console under Shares, you will find many shares you didnt know you had such as Admin$, IPC$, and C$ (even if you dont have your c drive shared). Because of the $ after the names, these are hidden shares.
My question is, how can you gain access to their resources?
I know it can be done from a windows xp platform to a Windows200Pro platform by adding your user to the Remote Administrators group. However, I do not know how to access...say...C drive (c$ share) going from winxp to winxp. Further more I dont know how to access any of the other hidden shares (IPC$ and Admin$). If I remember correctly the Admin$ leads to the Administrator's Documents and Settings directory, but im not sure where IPC leads. Like I said, I can gain access to a windows200pro hidden shares via the method I described above but can not with windows xp using the same method. Can someone explain to me what microsoft was thinking by making these hidden shares and how to gain access to them over my LAN (for experimental purposes).
I have been wondering about this for a long long time so if anyone can share their knowledge of this with me id greatly appreciate it.

There are 10 types of people in the world, those who know binary, and those who don't.

See More: Accessing Hidden Shares

Report •

May 22, 2005 at 07:17:00

The $ denotes an administrative share. These shares are only "hidden" from non-administrative level users. As an administrator on a local machine you have access to all the admin shares by default.

If you want to access one on a remote PC you have to be a member of the administrators group on that PC...which means making an account on the target machine and adding it to the administrators group.

Report •

May 22, 2005 at 07:59:39

Alright, let me see if I got this straight. So if I my user name on my pc is "Joe" I will have to go to the computer im trying to connect to and add a user to it called "Joe" with the same password settings, then add Joe to the Administrators group?
For me to connect from my winxp box to my windows2k box, I dont have to set up my user name on the windows2k box, I simply add myself to the Remote Desktop Users group on my windows xp box and connect to \\\c$ (my windows2k computer) and it gives me access to the share. It does prompt me for a log on, so I log in as "Administrator" with no password and it gives me full access to all the shares.

I was just trying to figure out how to accomplish this from winxp pc to winxp pc. Perhaps it is just a windows2k unpatched exploit, but are you sure it cant be done?...especially with no Administrator password set?

There are 10 types of people in the world, those who know binary, and those who don't.

Report •

Related Solutions

Ask Question