Penetration Testing mailing list archives
RE: Content filesystem scan
From: "Jeremiah Brott" <jeremiah () access2networks com>
Date: Sun, 18 Feb 2007 21:55:58 -0500
Hi Danny, Another great tool to use in this process would be foremost. This tool will allow you to search for files based on the header, footer & internal data structures. You can use this tool directly on the file system, or work with images generated by dd, Encase & Safe Back. Good Luck. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of dfullerton () mantor org Sent: Thursday, February 15, 2007 12:33 PM To: pen-test () securityfocus com Subject: Content filesystem scan Hi guys, I'm about to begin a penetration test on a pretty big distributed file system (Terabytes) and would like to known if any of you have some advice on how to scan for script variable named "pass, password, passwd, key, passphrase" or like. A lot of scripts reside on the file system so I guess will be able to find some of them with open ACL'Âs and sensible information like user/password. Presently I'm using this command to generate a listing of all accessible file with a brief content description: "find /bigfs -type f -size -100000c -exec /pathto/file -m /pathto/magic {} \; 2> /dev/null > ~/scan_bigfs.list".
From there I've populated a database (~460K entries) to filter out stuff
like trusted image, bin, lib, doc, include, conf. Then, I guess manipulating different type of file with different handler would be the way to go. type:ASCII = grep; type:Unicode = strings, grep; type:bin = strings, grep; type:tar/gz/other = untar/gunzip,scan again. Any comments will be appreciated. Thanks, Danny Fullerton --------------- IT Security Specialist, GCIH GHTQ http://www.mantor.org/~northox Mantor Organization ___________________________________ NOCC, http://nocc.sourceforge.net ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000 0008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Content filesystem scan dfullerton (Feb 17)
- RE: Content filesystem scan Jeremiah Brott (Feb 20)
- Re: Content filesystem scan Peter Parker (Feb 20)