获取远程机器共享目录的物理路径的代码
程序员文章站
2022-04-29 09:25:42
第一:依靠135端口,用wmi。像下边的脚本是得到共享目录ttt的物理目录。 复制代码 代码如下: strpath ="\\192.168.1.55\ttt" strpat...
第一:依靠135端口,用wmi。像下边的脚本是得到共享目录ttt的物理目录。
复制代码 代码如下:
strpath ="\\192.168.1.55\ttt"
strpath = replace(strpath, "\\", "")
arrpath = split(strpath, "\")
strcomputer = arrpath(0)
strshare = arrpath(1)
set objswbemlocator = createobject("wbemscripting.swbemlocator")
set objwmiservice =objswbemlocator.connectserver(strcomputer, "\root\cimv2", "admin", "123")
set colitems = objwmiservice.execquery _
("select * from win32_share where name = '" & strshare & "'")
for each objitem in colitems
wscript.echo objitem.path
next
/*********************************微软的脚本有问题,只能得到本机***********************************************/
strpath = "\\atl-fs-01\public"
strpath = replace(strpath, "\\", "")
arrpath = split(strpath, "\")
strcomputer = arrpath(0)
strshare = arrpath(1)
set objwmiservice = getobject("winmgmts:\\" & strcomputer & "\root\cimv2")
set colitems = objwmiservice.execquery _
("select * from win32_share where name = '" & strshare & "'")
for each objitem in colitems
wscript.echo objitem.path
next
/*********************************微软的脚本有问题,只能得到本机***********************************************/
第二、依靠445端口,靠smb。bt5下的 nmap
复制代码 代码如下:
root@bt:~# nmap --script smb-enum-shares --script-args=smbuser=administrator,smbpass=toor 192.168.1.108 -p445
starting nmap 5.59beta1 ( http://nmap.org ) at 2012-02-14 15:29 cst
nmap scan report for 192.168.1.108
host is up (0.00013s latency).
port state service
445/tcp open microsoft-ds
mac address: 00:0c:29:b3:f6:79 (vmware)
host script results:
| smb-enum-shares:
| admin$
| type: stype_disktree_hidden
| comment: remote admin
| users: 0, max: <unlimited>
| path: c:\windows
| anonymous access: <none>
| current user ('administrator') access: read/write
| c$
| type: stype_disktree_hidden
| comment: default share
| users: 0, max: <unlimited>
| path: c:\
| anonymous access: <none>
| current user ('administrator') access: read/write
| ipc$
| type: stype_ipc_hidden
| comment: remote ipc
| users: 1, max: <unlimited>
| path:
| anonymous access: read <not a file share>
| current user ('administrator') access: read <not a file share>
| netlogon
| type: stype_disktree
| comment: logon server share
| users: 0, max: <unlimited>
| path: c:\windows\sysvol\sysvol\haiyangtop.com\scripts
| anonymous access: <none>
| current user ('administrator') access: read/write
| sysvol
| type: stype_disktree
| comment: logon server share
| users: 0, max: <unlimited>
| path: c:\windows\sysvol\sysvol
| anonymous access: <none>
| current user ('administrator') access: read/write
| ttt
| type: stype_disktree
| comment:
| users: 0, max: <unlimited>
| path: c:\sharettt
| anonymous access: <none>
|_ current user ('administrator') access: read
nmap done: 1 ip address (1 host up) scanned in 0.56 seconds
root@bt:~#