...this hurts a lot to me :(
damn! :) I would love to be there with gurus like you..
..hope you'll share your chat results after shmoocon! ;D


> sure thing bro, I will be flying tomorrow afternoon.
> On Feb 2, 2010, at 7:47 PM, Robin Wood wrote:
>
>> On 2 February 2010 23:42, Carlos Perez  
>> <[email protected]> wrote:
>>> on client side %appdata% is the place to search for application
>>> files; there, look for specific files from Mozilla products (the
>>> sqlite db's are gold), registry keys for putty, conf files for
>>> filezilla, pgp/gpg keys among some. Do be careful downloading
>>> office files and pdf's; depending on the scope and clients, things
>>> can go weird fast, especially if it is a hospital and all of a
>>> sudden you have client data on your machine, same thing for
>>> downloading employee personal data and the policies in the client
>>> are lax and other information that might not be good to have in
>>> your machine, so ROE's are the limiting factor when it comes to
>>> document folders. PST's can be a PITA depending on their size, so it
>>> would be good to list them and then decide whether to download them
>>> or not. In meterpreter to know if a file exists there are only 2 ways
>>> of doing it:
>>>
>>> - File stat and if it returns error then the file is not there (I  
>>> do not recommend)
>>> - list folder content and look if the file exists (better  
>>> approach, do a list and save in an array that can be searched)
>>>
>>> I recommend you take a look at my Pidgin script, part of the
>>> framework, and my browser enum script on my site, for when you have
>>> system privs, how to enumerate the accounts and path to appdata
>>> depending on the OS, since it changes depending on the version of
>>> Windows. Hope it helps.
>>>
>>> Cheers,
>>> Carlos
>>
>> I think we need to have a chat at Shmoocon!
>>
>> Robin
>>
>>
>>>
>>>
>>> On Feb 2, 2010, at 5:48 PM, Robin Wood wrote:
>>>
>>>> I'm sure everyone has a set of files they look for when they get
>>>> access to a box. For example, I like to look through all the "My
>>>> Documents" and Desktop directories to see if there is anything useful
>>>> in there, I would also look for .pst files.
>>>>
>>>> I'm thinking of creating a Metasploit module, similar to winenum,
>>>> which will search the compromised machine for these files or check the
>>>> specified directories so having a good base list to start with would
>>>> be useful.
>>>>
>>>> Any suggestions?
>>>>
>>>> Robin
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
>>>