Hi guys,
I'm about to begin a penetration test on a pretty big distributed file system
(Terabytes) and would like to known if any of you have some advice on how to
scan for script variable named "pass, password, passwd, key, passphrase" or
like. A lot of scripts reside on the file system so I guess will be able to
find some of them with open ACL'™s and sensible information like user/password.
Presently I'm using this command to generate a listing of all accessible file
with a brief content description: "find /bigfs -type f -size -100000c -exec
/pathto/file -m /pathto/magic {} \; 2> /dev/null > ~/scan_bigfs.list". From
there I've populated a database (~460K entries) to filter out stuff like
trusted image, bin, lib, doc, include, conf. Then, I guess manipulating
different type of file with different handler would be the way to go.
type:ASCII = grep;
type:Unicode = strings, grep;
type:bin = strings, grep;
type:tar/gz/other = untar/gunzip,scan again.
Any comments will be appreciated.
Thanks,
Danny Fullerton
---------------
IT Security Specialist, GCIH GHTQ
http://www.mantor.org/~northox
Mantor Organization
___________________________________
NOCC, http://nocc.sourceforge.net
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|