Skip to main content

Overview

The NetworkShares command enumerates network shares exposed by the system via WMI. This reveals shared folders, their paths, permissions, and descriptions, helping identify data exposure risks and potential lateral movement opportunities.

Syntax

Seatbelt.exe NetworkShares

Remote Execution

Seatbelt.exe NetworkShares -computername=TARGET.domain.com [-username=DOMAIN\user -password=pass]

Output

Returns network share information:
  • Share name
  • Share path
  • Share description
  • Share type
  • Current connections

Use Cases

  • Red Team
  • Blue Team
  • Discover accessible file shares
  • Identify data exfiltration targets
  • Find writable shares for payload delivery
  • Locate administrative shares (C,ADMIN, ADMIN)
  • Map file server topology

Example Output

====== NetworkShares ======

Name        : IPC$
Path        :
Description : Remote IPC
Type        : IPC

Name        : ADMIN$
Path        : C:\Windows
Description : Remote Admin
Type        : Disk Drive Admin

Name        : C$
Path        : C:\
Description : Default share
Type        : Disk Drive Admin

Name        : SharedFiles
Path        : D:\Shared\Files
Description : Team Shared Documents
Type        : Disk Drive

Remote Execution

This command supports remote execution using the -computername parameter.

Detection Considerations

Low detection risk - queries WMI for share information.