PaulDotCom mailing list archives

what files do you go for when you compromise a machine?


From: netevil at hackers.it (NetEvil)
Date: Wed, 3 Feb 2010 00:16:54 +0100

Hi Robin,
Same thoughts here. A solution (perhaps weak) that I have in mind
would be to make a first run of multiscripts for gathering some
info, like the user, and set a persistent reverse connect
(thinking also about the right order of this multiscript queue),
then another script, when the box comes back the second time, for
getting specific files related to the previously gathered info (docs
and .pst, of course).
But I'm not so far along in my test, because at the moment I'm not able to see
an already pwned box :/ for changing actions and, above all, using
previous info for getting interesting files automatically :/
David.




On 02 Feb 2010, at 22:48, Robin Wood <dninja at gmail.com>
wrote:

I'm sure everyone has a set of files they look for when they get
access to a box. For example, I like to look through all the "My
Documents" and Desktop directories to see if there is anything useful
in there; I would also look for .pst files.

I'm thinking of creating a Metasploit module, similar to winenum,
which will search the compromised machine for these files or check the
specified directories so having a good base list to start with would
be useful.

Any suggestions?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


