[Pauldotcom] with full read access what would you read
d4ncingd4n at gmail.com
d4ncingd4n at gmail.com
Tue Nov 2 19:34:56 UTC 2010
I would look at everything in the program files directories to find file versions and look for configuration files that might have embedded passwords (plaintext or encrypted). SQL scripts or backup scripts could contain passwords. Also user profiles for stored passwords, cookies, and lists of recent websites/documents.
Bart
------Original Message------
From: Robin Wood
Sender: pauldotcom-bounces at mail.pauldotcom.com
To: PaulDotCom Mailing List
ReplyTo: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] with full read access what would you read
Sent: Nov 2, 2010 11:52 AM
On a recent test I found a website with a directory traversal attack
that let me read any file. The server was Win 2003 and I read the
obvious win.ini and boot.ini. I then read the Administrators
desktop.ini to prove I could. I tried but couldn't read the registry
files (not expected but worth trying).
The web server was an unusual one, part of an app so I couldn't find
the web root. The IIS web root just had an "Under Construction" file
in it so nothing interesting in there.
So, without being able to do directory listings to see what is there,
what files would you read on this box and why?
Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Sent from my Verizon Wireless BlackBerry
More information about the Pauldotcom
mailing list