Pennyw0rth
Requesting for INCLUDE_FILTER and Issue in EXCLUDE_FILTER for SMB Protocol
Hello NetExec Team,
I would like to suggest a feature that would allow us to filter and target only specific SMB shares we want to access.
While working on a HackTheBox machine, I ran into an issue where multiple SMB shares were accessible and readable. Even after using the EXCLUDE_FILTER option to try and leave out the ones I didn't need, they still ended up being included in the process. I was hoping there could be a way for us to include only a specific share, rather than relying solely on excluding the others. Using EXCLUDE_EXTS isn't really practical either, especially when we have no idea what kinds of files are stored in those shares.
The box I was working on is called EscapeTwo. It had 7 shares available, as you can see in the screenshot below:
I was only trying to download all the files inside the Accounting Department share, so I used the EXCLUDE_FILTER to try and leave out the rest:
However, even after doing that, you can see it still pulled in shares like IPC$, NETLOGON, SYSVOL, and Users.
Some of these shares, like SYSVOL and Users, actually had files inside, so folders were created for them in the output:
It would be great if there were a way to specifically include only the shares we want, instead of just excluding the ones we don’t. I think it would really help in cases like this where there are a lot of shares and we only need to focus on one.
Thank you for considering this!
