All great places to look. I think this sounds like a great project to work on following Shmoocon. It's all about knowing where the credentials are, and if we know where they are we can work to protect, white/black list and grab these for pen-testing and auditing.
On Tue, Jan 26, 2010 at 11:14 AM, Butturini, Russell <[email protected]> wrote:
> Upon further review, I realize that was 3 words :-)
>
> -----Original Message-----
> From: Butturini, Russell
> Sent: Tuesday, January 26, 2010 10:14 AM
> To: 'PaulDotCom Security Weekly Mailing List'
> Subject: RE: [Pauldotcom] Files containing credential stores sorted by
> operating system.
>
> One word: Gnutella P2P network
>
> Grab yourself a client (Gnutella Turbo is my favorite) and start searching
> for *.rdp, *.qbw, *.pst, etc. You'll have a whole bucket full of files to
> analyze :-)
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jim Halfpenny
> Sent: Tuesday, January 26, 2010 1:24 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Files containing credential stores sorted by
> operating system.
>
> Sounds like a good topic for a wiki page, or even a whole site. There
> is the pauldotcom wiki, I'm sure the good peeps on the list could
> quickly fill in the blanks. I know I have some stuff I can contribute.
>
> Jim
>
> On 25/01/2010, Nicholas B. <[email protected]> wrote:
>> No, I'm not looking for rainbow tables. I'm looking for files that
>> various programs and services use to store user credentials in, the
>> type of encoding or hashing that is used on them if any and the
>> operating system(s) that they might appear on.
>>
>> On Mon, Jan 25, 2010 at 4:49 PM, Karl Schuttler
>> <[email protected]> wrote:
>>> Rainbow tables?
>>>
>>> On Mon, Jan 25, 2010 at 4:23 PM, Nicholas B. <[email protected]> wrote:
>>>>
>>>> I'm looking for a site or sites that contain large and if possible
>>>> comprehensive lists of files that contain username and/or password
>>>> credentials. The credentials can be plain-text, encoded or hashed and
>>>> if they are encoded or hashed it would be nice to have the method(s)
>>>> that was employed to generate these. I'm thinking of files beyond
>>>> just the normal /etc/shadow, /etc/master.passwd stuff .htaccess to
>>>> files for specific programs and userland files including svn-auth-file
>>>> and ~/.vnc/passwd types of content and even more exotic vendor
>>>> specific stuff to look for. If anyone can point me to someplace with
>>>> a good list of these or would like to attach a list that you've
>>>> compiled I would appreciate it.
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
>
> --
> Sent from my mobile device
>
> ******************************************************************************
> This email contains confidential and proprietary information and is not to be
> used or disclosed to anyone other than the named recipient of this email,
> and is to be used only for the intended purpose of this communication.
> ******************************************************************************
