First: rely on port 135, using WMI. A script like the one below gets the physical directory behind the shared directory TTT.
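' UNC path of the share whose physical directory we want
strPath = "\\192.168.1.55\TTT"
' Strip the leading "\\" so the string splits into host and share name
strPath = Replace(strPath, "\\", "")
arrPath = Split(strPath, "\")
strComputer = arrPath(0)
strShare = arrPath(1)
' Connect to the remote WMI namespace with explicit credentials
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objSWbemLocator.ConnectServer(strComputer, "root\cimv2", "admin", "123")
' Win32_Share.Path holds the local directory behind the share
Set colItems = objWMIService.ExecQuery _
    ("Select * from Win32_Share Where Name = '" & strShare & "'")
For Each objItem In colItems
    WScript.Echo objItem.Path
Next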
The Microsoft script below has a problem: it can only get the local machine's path.
strPath = "\\atl-fs-01\public"
' Strip the leading "\\" so the string splits into host and share name
strPath = Replace(strPath, "\\", "")
arrPath = Split(strPath, "\")
strComputer = arrPath(0)
strShare = arrPath(1)
' The winmgmts: moniker connects as the current user; no credentials are passed
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
    ("Select * from Win32_Share Where Name = '" & strShare & "'")
For Each objItem In colItems
    WScript.Echo objItem.Path
Next
Second: rely on port 445, using SMB, with Nmap under BT5.
root@bt:~# nmap --script smb-enum-shares --script-args=smbuser=administrator,smbpass=toor 192.168.1.108 -p445
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-02-14 15:29 CST
Nmap scan report for 192.168.1.108
Host is up (0.00013s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:B3:F6:79 (VMware)
Host script results:
| smb-enum-shares:
|   ADMIN$
|     Type: STYPE_DISKTREE_HIDDEN
|     Comment: Remote Admin
|     Users: 0, Max: <unlimited>
|     Path: c:\windows
|     Anonymous access: <none>
|     Current user ('Administrator') access: READ/WRITE
|   C$
|     Type: STYPE_DISKTREE_HIDDEN
|     Comment: Default share
|     Users: 0, Max: <unlimited>
|     Path: c:\
|     Anonymous access: <none>
|     Current user ('Administrator') access: READ/WRITE
|   IPC$
|     Type: STYPE_IPC_HIDDEN
|     Comment: Remote IPC
|     Users: 1, Max: <unlimited>
|     Path:
|     Anonymous access: READ <not a file share>
|     Current user ('Administrator') access: READ <not a file share>
|   NETLOGON
|     Type: STYPE_DISKTREE
|     Comment: Logon server share
|     Users: 0, Max: <unlimited>
|     Path: c:\windows\sysvol\sysvol\haiyangtop.com\scripts
|     Anonymous access: <none>
|     Current user ('Administrator') access: READ/WRITE
|   SYSVOL
|     Type: STYPE_DISKTREE
|     Comment: Logon server share
|     Users: 0, Max: <unlimited>
|     Path: c:\windows\sysvol\sysvol
|     Anonymous access: <none>
|     Current user ('Administrator') access: READ/WRITE
|   Ttt
|     Type: STYPE_DISKTREE
|     Comment:
|     Users: 0, Max: <unlimited>
|     Path: c:\sharettt
|     Anonymous access: <none>
|_    Current user ('Administrator') access: READ
Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
root@bt:~#
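For reviewing this kind of result on your own hosts, the following added example (not part of the original page) parses an smb-enum-shares block and reports shares that allow anonymous access or are not Windows built-ins, together with their server-side path. The function names, the BUILTIN set and the sample text, trimmed from the output above, are assumptions made for the example.

```python
import re

# Constructed sample: trimmed from the smb-enum-shares output shown above.
SAMPLE = r"""
| smb-enum-shares:
|   IPC$
|     Type: STYPE_IPC_HIDDEN
|     Path:
|     Anonymous access: READ <not a file share>
|   NETLOGON
|     Type: STYPE_DISKTREE
|     Path: c:\windows\sysvol\sysvol\haiyangtop.com\scripts
|     Anonymous access: <none>
|     Current user ('Administrator') access: READ/WRITE
|   Ttt
|     Type: STYPE_DISKTREE
|     Path: c:\sharettt
|     Anonymous access: <none>
|_    Current user ('Administrator') access: READ
"""

FIELD = re.compile(r"^(Type|Comment|Users|Path|Anonymous access|Current user.*? access):\s*(.*)$", re.I)
BUILTIN = {"NETLOGON", "SYSVOL"}   # assumption: plus any name ending in "$" (ADMIN$, C$, IPC$)

def parse_shares(text):
    """Return one dict per share from an smb-enum-shares output block."""
    shares, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"^\|_?\s*", "", raw).strip()  # drop Nmap's "|" / "|_" gutter
        if not line or line.lower().startswith("smb-enum-shares"):
            continue
        m = FIELD.match(line)
        if m is None:                       # a non-field line is a share name
            current = {"name": line}
            shares.append(current)
        elif current is not None:
            key = m.group(1).lower()
            current["current_user" if key.startswith("current user") else key] = m.group(2).strip()
    return shares

def findings(shares):
    """Flag anonymous access and shares that are not Windows built-ins."""
    out = []
    for s in shares:
        if s.get("anonymous access", "<none>") != "<none>":
            out.append((s["name"], "anonymous access: " + s["anonymous access"]))
        if not s["name"].endswith("$") and s["name"].upper() not in BUILTIN:
            out.append((s["name"], "non-default share at " + s.get("path", "?")))
    return out
```

Calling findings(parse_shares(SAMPLE)) flags IPC$ for its anonymous READ access and Ttt as a non-default share whose path is visible.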