Re: [PEN-TEST] Autocomplete Function

[Magnus Ullberg <UllbergM () ABCBANK COM>]

I did a snap shot of saving a hotmail username and password plus doing a
search on altavista.com
Hotmail: username="username", password="password"
AltavistA: searched for "search"

Looks like greek to me.. but maybe someone else on the list can figure
something out.

-----Original Message-----
From: Davidson,Sam [mailto:SDAVIDSON () CERNER COM]
Sent: Monday, November 13, 2000 3:28 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Autocomplete Function


Has anyone tried taking a sysdiff snapshot, then visiting some sites and
taking a diff shot to find the modified files?
This would be verrrry valuable info when compromised.

-----Original Message-----
From: Masse, Robert [mailto:rmasse () RICHTERSECURITY COM]
Sent: Monday, November 13, 2000 13:24
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Autocomplete Function


Hi

Does anyone know where Internet Explorer stores the data from the
'autocomplete' function?  You know, the one everyone uses when they do their
on-line banking :)

Possible Scenario:

Lots of people have file sharing on their workstation at home and a nice
broadband connection.  Can someone pull a file with the list of
usernames/passwords/sites
if someone was using autocomplete?

I poked around and didn't find anything (internet options, content allows
you to clear  the info but doesn't tell you where it's stored).


Thanks

Rob

Robert Masse, CISSP
Chief Technical Officer

Richter Security Inc.
2 Place Alexis Nihon, suite 905
Montreal, Quebec, Canada
+514 934 3566 Direct
+514 934 3406 Fax

Attachment: hkcu.reg
Description:

Attachment: hklm.reg
Description: