Tuesday, January 22, 2013

American series are useful in a pentester's life!

3 days ago, I watched an American series (Shase) in which an actor said, during a crime investigation: "I'm going to search the victim's computer to find out what the last printed document was."

Hmm, I asked myself: "Is it possible or not?" ... Yes, it's possible :)
Everything is in "/var/spool/cups", which requires root privileges to read.

If the printer uses the "Generic PostScript" driver, you can find your printed documents there in PDF format :) Funny, no?

To copy these files into your home directory:
bash-3.2# find /var/spool/cups -exec file {} \; | grep -i pdf | cut -d : -f 1 > /tmp/file_pdf.txt
bash-3.2# while read line; do cp "$line" ~/; done < /tmp/file_pdf.txt

So, it's another information leak for Mac OS X ... :) and I added this exploitation to my "private" forensic framework, Pac4Mac.
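
To check what a machine is retaining in its spool, the following added example (not part of the original post or of Pac4Mac) lists spooled files that begin with the PDF magic bytes and reports the job-retention directives from cupsd.conf. The function names and the default paths /var/spool/cups and /etc/cups/cupsd.conf are assumptions; it tests file content rather than grepping `file` output, so a path that merely contains "pdf" is not matched.

```shell
#!/bin/sh
# Added example (constructed): audit what a CUPS spool retains after printing.
# Function names and default paths are assumptions of this example.

# Print each regular file under the spool directory whose first five
# bytes are the PDF magic "%PDF-".
list_spooled_pdfs() {
    spool="${1:-/var/spool/cups}"
    find "$spool" -type f 2>/dev/null | while IFS= read -r f; do
        # tr drops NUL bytes so binary control files compare cleanly
        if [ "$(head -c 5 "$f" 2>/dev/null | tr -d '\000')" = "%PDF-" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print the configured value of a cupsd.conf directive, or "unset" when it
# is absent or commented out (the CUPS version's default then applies).
# Assumption: names match case-insensitively and the last occurrence wins.
cups_directive() {
    val=$(awk -v k="$1" 'tolower($1) == tolower(k) { v = $2 } END { print v }' \
        "$2" 2>/dev/null || true)
    printf '%s\n' "${val:-unset}"
}

# Report against the real locations only when asked: sudo sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    conf=/etc/cups/cupsd.conf
    echo "PreserveJobFiles:   $(cups_directive PreserveJobFiles "$conf")"
    echo "PreserveJobHistory: $(cups_directive PreserveJobHistory "$conf")"
    echo "Spooled PDF documents:"
    list_spooled_pdfs /var/spool/cups
fi
```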

