Tuesday 22 January 2013

American series are useful in a pentester's life!


Three days ago, I watched an American series (Shase) in which an actor said, during a crime investigation: "I'm going to search the victim's computer to find out what the last printed document was."

Hmm, I said to myself: "Is it possible or not?" ... yes, it is possible :)
Everything is in "/var/spool/cups", readable with root privileges:


If the printer uses the "Generic PostScript" driver, you can find the printed documents in PDF format :) Funny, no?

To copy these files into your home directory (the second command reads each path with -r and an empty IFS so that backslashes and leading spaces in a path are kept intact):
bash-3.2# find /var/spool/cups -type f -exec file {} \; | grep -i pdf | cut -d : -f 1 > /tmp/file_pdf.txt
bash-3.2# while IFS= read -r line; do cp "$line" ~/; done < /tmp/file_pdf.txt
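As an added example (not code from the original post), here is a small POSIX shell script doing the same collection in a more forensics-friendly way: it classifies spool files by their first bytes instead of grepping `file` output, also catches raw PostScript jobs, preserves timestamps with `cp -p`, and writes a checksummed manifest. The spool path, output directory and sample job files are constructed for the demonstration; on Mac OS X the real spool is /var/spool/cups and needs root.

```shell
#!/bin/sh
# Added example, not from the original post: collect printed documents left in
# the CUPS spool by checking each file's magic bytes and record them in a
# manifest with checksums. All paths below are assumptions for the demo.

# Classify one file by its first four bytes: pdf, postscript or other.
cups_file_kind() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | LC_ALL=C tr -d '\000')
    case $magic in
        '%PDF') echo pdf ;;
        '%!PS') echo postscript ;;
        *)      echo other ;;
    esac
}

# Copy every PDF/PostScript spool file from $1 into $2 (timestamps preserved),
# append "name<TAB>kind<TAB>cksum" to $2/manifest.txt and print the count copied.
collect_cups_spool() {
    spool=$1; out=$2; count=0
    mkdir -p "$out"
    : > "$out/manifest.txt"
    for f in "$spool"/*; do
        [ -f "$f" ] || continue          # skip subdirectories such as tmp/
        kind=$(cups_file_kind "$f")
        [ "$kind" = other ] && continue  # control files and raw printer streams
        cp -p "$f" "$out/"
        sum=$(cksum < "$f" | cut -d ' ' -f 1)   # use sha256sum/shasum if available
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$kind" "$sum" >> "$out/manifest.txt"
        count=$((count + 1))
    done
    echo "$count"
}

# Constructed sample spool (not real jobs): CUPS names control files c<jobid>
# and job data files d<jobid>-<n>; only the data files carry the document.
make_sample_spool() {
    dir=$1
    mkdir -p "$dir/tmp"
    printf 'attributes-charset utf-8\n' > "$dir/c00012"
    printf '%%PDF-1.4\n%% constructed document\n' > "$dir/d00012-001"
    printf '%%!PS-Adobe-3.0\n%%%%Title: constructed\n' > "$dir/d00013-001"
    printf '\033%%-12345X@PJL JOB\n' > "$dir/d00014-001"   # raw PJL/PCL stream
}

sample=${TMPDIR:-/tmp}/cups_example.$$
make_sample_spool "$sample"
collect_cups_spool "$sample" "$sample/evidence"   # prints 2
cat "$sample/evidence/manifest.txt"
```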



So, it's another information leak on Mac OS X ... :) and I added this check to my "private" forensic framework, Pac4Mac.



Tuesday 15 January 2013

Net2SharePwn: Update 1.1b



First update of Net2SharePwn in 2 years...

- Support for special characters (space, accent, ...) in the path of files to download or in the name of the network share
- Colors have been changed
- Support for Mountain Lion (but mounting/unmounting network shares is very slow). I advise using Net2SharePwn on BackTrack (just install arp-scan)


You can, if you want to, modify this program to adapt it to your personal usage.
Download: Readme (very important!)
Download: Readme_menu (to understand quickly)
Download: Net2SharePwn-1.1b

Net2SharePwn is a utility to check and automatically exploit the NetBIOS network shares reachable from network access points.


Question: How do you identify THE FILE containing a password that lets you elevate your network or system privileges, when too many domains or IP addresses are present? Time is an important factor in this situation … and during penetration testing, it's common to find a VBS script embedding a domain administrator account password.
Answer: Net2SharePwn has been built to do exactly that.

Net2SharePwn is written in Python (tested on Python 2.7) and can only be run on Linux (tested on BackTrack) and Mac OS X platforms.

I apologize for the Python code; it doesn't follow best practices, but I didn't plan to publish Net2SharePwn …
Net2SharePwn was perhaps developed "with my feet", but it is functional.

Net2SharePwn works like this: