[Pauldotcom] what files do you go for when you compromise a machine?
dninja at gmail.com
Wed Feb 3 07:53:18 UTC 2010
On 3 February 2010 02:50, Mike Patterson <mike at snowcrash.ca> wrote:
> Robin Wood wrote on 10-02-02 1837 :
>> .ssh/* - may as well grab everything
> Not all shells store things in .bash_history...
> I used to be a tcsh user, so .history. Not sure about non-csh/non-bash
> shells, but .??*history* might work - then you get mysql and perhaps
> postgres history files too.
Sounds good, I like your thinking.
More information about the Pauldotcom