Vulnerability Development mailing list archives
Re: File Share Vacuum
From: o'neil.brooke () LMCO COM (Brooke, O'Neil)
Date: Fri, 28 Jan 2000 10:30:49 -0500
It might be interesting to see the contents of cookies as well.
----------
From: Blue Boar[SMTP:BlueBoar () THIEVCO COM]
Reply To: Blue Boar
Sent: Friday, January 28, 2000 2:12 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: File Share Vacuum

Jonas Denily wrote:

> I recently decided to create a program for Windows users to scan their network for open file shares. When a share is detected, you can map a drive or you may brute force crack the share if protected. The vacuum part is the ability to scan the remote HD for files that may contain important information. I have set up a great many such as FTP sitelists, ICQ dat files, various ISP ins files, *.pwl, etc.

Also look for *.id files (Lotus Notes), and preferences.js and prefs.js. Bookmark.htm, and the history file, too.

> I was wondering how I would go about searching the registry remotely or I would be greatly appreciative if someone could send me a list of file names, default directory, and program/version they belong to. I am currently compiling a large list of these and the user has the ability to choose which ones to vacuum and also add custom files. If you know of any of these such files, please email me.

Ideally, you'll need registry access. Citrix/MS Terminal Server clients store some passwords there, for example. By default, NT machines allow remote access to the registry if you connect as a user with sufficient privs (well, by default, everyone can read and write WAY too much of the registry.) For Win9x, it's not so automatic:

http://msdn.microsoft.com/library/winresource/dnwin95/S647C.htm

Basically, you'd be looking for the ADMIN$ share. If that's not there, you'll have to figure out a way to push code onto the box.

Sounds like a fun project in general, though. I'd often thought that it would be worthwhile to have a good list of things that are interesting to steal off a Windows box.

BB
Current thread:
- Re: File Share Vacuum Brooke, O'Neil (Jan 28)
- <Possible follow-ups>
- Re: File Share Vacuum John Simons (Jan 28)
- Re: File Share Vacuum Inedag () AOL COM (Jan 30)