On 3 February 2010 17:48, Andrew Ellis <[email protected]> wrote:
> I'd take a look for any SVN checkouts, repos, etc. The same for git and CVS.
>
> I'm only really familiar with SVN, so this list is only for SVN, but
> should find repos and checkouts:
>
> .svn/entries
> db/revs
> svn-commit.tmp
>
> Nabbing custom code can be a pretty good find, especially if it's for
> a customer whose business revolves around that code

Good suggestion, I'll add MS SourceSafe or whatever they are calling it now, I
haven't used it for years.

Robin

>
> On Wed, Feb 3, 2010 at 1:54 AM, Robin Wood <[email protected]> wrote:
>> On 3 February 2010 00:28, Nicholas B. <[email protected]> wrote:
>>> I have a project on deck for after to catalog as many of these files
>>> as is possible as well as those on *nix platforms.. I hope to make
>>> some sort of submission db for them so all of the credential stores
>>> people come across for both O/S and applications are well documented.
>>> How can we know what needs to be protected if we don't have this sort
>>> of info when doing so?
>>
>> If you get the db going maybe the two can be tied together somehow.
>> Users could ask my script for just files with credentials which would
>> then hit your database to find the list.
>>
>>>
>>> On 2/2/10, Carlos Perez <[email protected]> wrote:
>>>> sure thing bro, I will be flying tomorrow afternoon.
>>>> On Feb 2, 2010, at 7:47 PM, Robin Wood wrote:
>>>>
>>>>> On 2 February 2010 23:42, Carlos Perez <[email protected]>
>>>>> wrote:
>>>>>> on client side %appdata% is the place to search for application files
>>>>>> there look for specific files from Mozilla products the sqlite db's are
>>>>>> gold, registry keys for putty, conf files for filezilla, pgp/gpg keys
>>>>>> among some. Do be careful downloading office files and pdf's depending on
>>>>>> the scope and clients things can go weird fast especially if it is a
>>>>>> hospital and all of the sudden you have client data on your machine, same
>>>>>> thing for downloading employee personal data and the policies in the
>>>>>> client are lax and other information that might not be good to have in
>>>>>> your machine so ROE's are the limiting factor when it comes to document
>>>>>> folders. PST's can be a PITA depending on their size so it would be good to
>>>>>> list them and then decide if to download them or not.
>>>>>> In meterpreter to know if a file exists there are only 2 ways of doing it:
>>>>>>
>>>>>> - File stat and if it returns error then the file is not there (I do not
>>>>>> recommend)
>>>>>> - list folder content and look if the file exists (better approach, do a
>>>>>> list and save in an array that can be searched)
>>>>>>
>>>>>> I recommend you take a look at my Pidgin script part of the framework and
>>>>>> my browser enum script in my site for when you have system privs how to
>>>>>> enumerate the accounts and path to appdata depending on the OS since it
>>>>>> changes depending on the version of windows. Hope it helps.
>>>>>>
>>>>>> Cheers,
>>>>>> Carlos
>>>>>
>>>>> I think we need to have a chat at Shmoocon!
>>>>>
>>>>> Robin
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> On Feb 2, 2010, at 5:48 PM, Robin Wood wrote:
>>>>>>
>>>>>>> I'm sure everyone has a set of files they look for when they get
>>>>>>> access to a box. For example, I like to look through all the "My
>>>>>>> Documents" and Desktop directories to see if there is anything useful
>>>>>>> in there, I would also look for .pst files.
>>>>>>>
>>>>>>> I'm thinking of creating a Metasploit module, similar to winenum,
>>>>>>> which will search the compromised machine for these files or check the
>>>>>>> specified directories so having a good base list to start with would
>>>>>>> be useful.
>>>>>>>
>>>>>>> Any suggestions?
>>>>>>>
>>>>>>> Robin
>>>>>>> _______________________________________________
>>>>>>> Pauldotcom mailing list
>>>>>>> [email protected]
>>>>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>>>> Main Web Site: http://pauldotcom.com
>
> --
> Andrew Ellis
> http://blog.psych0tik.net
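
A defender-side use of the file list in this thread, as an added example that is not code from any of the posters or from Metasploit: it audits a directory tree you administer for the SVN markers and file types named above, listing each directory once and searching that listing, the approach Carlos recommends over a stat per file. The names `listing`, `audit` and `sample_findings`, the descriptions attached to each finding, and the sample tree are assumptions of this example.

```ruby
require 'set'
require 'tmpdir'
require 'fileutils'
# Names come from the thread; the descriptions are this example's own.
SVN_MARKERS = { '.svn/entries' => 'SVN working copy', 'db/revs' => 'SVN repository',
                'svn-commit.tmp' => 'leftover SVN commit message' }.freeze
EXTENSIONS = { '.pst' => 'Outlook mail store', '.sqlite' => 'SQLite database' }.freeze

# List a directory once into a Set; existence checks are then lookups in it.
def listing(dir)
  Dir.children(dir).to_set
rescue SystemCallError
  Set.new # unreadable, or not a directory: nothing to look up
end

# Walk root breadth-first; return sorted [path relative to root, reason] pairs.
def audit(root)
  findings, queue = [], [root]
  until queue.empty?
    dir = queue.shift
    names = listing(dir)
    SVN_MARKERS.each do |marker, why|
      first, rest = marker.split('/', 2)
      next unless names.include?(first)
      next unless rest.nil? || listing(File.join(dir, first)).include?(rest)
      findings << [File.join(dir, marker), why]
    end
    names.each do |name|
      path = File.join(dir, name)
      if File.directory?(path) && !File.symlink?(path)
        queue << path
      elsif (why = EXTENSIONS[File.extname(name).downcase])
        findings << [path, why]
      end
    end
  end
  findings.map { |path, why| [path.delete_prefix("#{root}/"), why] }.sort
end

# Constructed sample tree of empty placeholder files in a temp directory.
def sample_findings
  Dir.mktmpdir do |root|
    %w[site/.svn/entries repo/db/revs/0 site/svn-commit.tmp home/Mail/archive.PST].each do |rel|
      FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
      FileUtils.touch(File.join(root, rel))
    end
    audit(root)
  end
end
puts sample_findings.map { |path, why| "#{why}: #{path}" }
```

Symlinked directories are not followed, so a link loop cannot trap the walk, and extension matching is case-insensitive.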
