Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Content filesystem scan

From: "Peter Parker" <peterparker () fastmail fm>
Date: Mon, 19 Feb 2007 08:20:30 -0800
Hi,

Dont know what would be a better solution on a TB filesystem.. but few
pointers that you may consider.

1. Get the filesystem listing dumped using # find / -type f -perm -x
-size -xxxxxc -ls > fslist.txt (this should be very quick and fast)
2. Parse the file so that you have only the file pathname
3. Then you may consider something like
 # for var in `cat fslist.txt`
    do
        grep -l -f patterns.txt $var >> patternfound.txt
    done

hth,





On Thu, 15 Feb 2007 12:33:27 -0500, dfullerton () mantor org said:

Hi guys,

I'm about to begin a penetration test on a pretty big distributed file
system (Terabytes) and would like to known if any of you have some advice
on how to scan for script variable named "pass, password, passwd, key,
passphrase" or like. A lot of scripts reside on the file system so I
guess will be able to find some of them with open ACL'™s and sensible
information like user/password.

Presently I'm using this command to generate a listing of all accessible
file with a brief content description: "find /bigfs -type f -size
-100000c -exec /pathto/file -m /pathto/magic {} \; 2> /dev/null >
~/scan_bigfs.list". From there I've populated a database (~460K entries)
to filter out stuff like trusted image, bin, lib, doc, include, conf.
Then, I guess manipulating different type of file with different handler
would be the way to go.

type:ASCII = grep;
type:Unicode = strings, grep;
type:bin = strings, grep;
type:tar/gz/other = untar/gunzip,scan again.

Any comments will be appreciated.

Thanks,

Danny Fullerton
---------------
IT Security Specialist, GCIH GHTQ
http://www.mantor.org/~northox
Mantor Organization

___________________________________
NOCC, http://nocc.sourceforge.net



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


-- 
  peter
  peterparker () fastmail fm

-- 
http://www.fastmail.fm - Does exactly what it says on the tin


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: