[Pauldotcom] what files do you go for when you compromise a machine?
Robin Wood
dninja at gmail.com
Tue Feb 2 23:37:53 UTC 2010
On 2 February 2010 22:51, Mike Patterson <mike at snowcrash.ca> wrote:
> On 2010/02/02 4:48 PM, Robin Wood wrote:
>> Any suggestions?
>
> Do you mean Windows hosts, or in general? You mentioned Windows stuff.
Just because winenum is there as a template I was going to do it as a
Windows scanner first but could expand it to include other OSs later.
> In general though, things that allow automatic login to remote hosts -
> saved RDP sessions, SSH keys, things of that nature. Command history if
> it's available, it might tell you hosts that the user of the workstation
> connects to regularly. Maybe you know their password and you can use
> that on these other hostnames too.
So that would be:
Windows
*.rdp
Linux
.ssh/* - may as well grab everything
.bash_history
Robin