Microsoft Share Error: Security Policies & Honeypot Gold! #shorts

So I tried to access the share and Microsoft came back and told me system error 1272 has occurred. You can't access this shared folder because your organization security policies block unauthenticated guest access. Isn't that awesome that we have security policies that keep us safe? So I love that error because Microsoft is like that's dangerous. someone could get your password hashes and then it literally does that thing right here. But if I'm setting this up as a honeypot, there's some great information here. I have the source IP address. I have the host name. I have the name of the user. And as an added bonus, I also have their password hash. But this is enough information for you. If somebody

post exploitation is trying to enumerate shares in your environment, you're going to be able to identify the system immediately. And once again, and I cannot stress this enough, any attacker post exploitation is going to try to enumerate shares in your environment. You name a share secret or help desk, IT admin, any of these, those are the first shares an attacker is going to go