PaulDotCom mailing list archives

what files do you go for when you compromise a machine?


From: dninja at gmail.com (Robin Wood)
Date: Tue, 2 Feb 2010 23:37:53 +0000

On 2 February 2010 22:51, Mike Patterson <mike at snowcrash.ca> wrote:
> On 2010/02/02 4:48 PM, Robin Wood wrote:
>> Any suggestions?

> Do you mean Windows hosts, or in general? You mentioned Windows stuff.

Just because winenum is there as a template I was going to do it as a
Windows scanner first but could expand it to include other OSs later.

> In general though, things that allow automatic login to remote hosts -
> saved RDP sessions, SSH keys, things of that nature. Command history if
> it's available, it might tell you hosts that the user of the workstation
> connects to regularly. Maybe you know their password and you can use
> that on these other hostnames too.

So that would be:
Windows
*.rdp

Linux
.ssh/* - may as well grab everything
.bash_history

Robin

