Google hacking can help too. On Tue, Jan 26, 2010 at 11:23 AM, PJ McGarvey <[email protected]>wrote:
> The one for finding WPA keys is pretty neat, cracking WPA has never been > easier. > > Also try searching for files with 'pwd', 'pass', 'logins', etc. in the > filename, you'd be amazed how many people store work and personal > credentials in unsecured text files, easily found on their computers. I've > literally tripped right over them doing forensics. > > -PJ > > ------------------------------ > Date: Tue, 26 Jan 2010 11:14:54 -0500 > From: [email protected] > To: [email protected] > > Subject: Re: [Pauldotcom] Files containing credential stores sorted by > operating system. > > While this is not quite an answer to your question, I think it may help you > find out. Nir (http://www.nirsoft.net/) has a bunch of tools to extract > local passwords. Grab some of his tools, run them with procmon, and see what > files and reg keys they try to grab. Then you have a few place to look. > > Adrian > > On Tue, Jan 26, 2010 at 2:23 AM, Jim Halfpenny <[email protected]>wrote: > > Sounds like a good topic for a wiki page, or even a whole site. There > is the pauldotcom wiki, I'm sure the good peeps on the list could > quickly fill in the blanks. I know I have some stuff I can contribute. > > Jim > > On 25/01/2010, Nicholas B. <[email protected]> wrote: > > No, I'm not looking for rainbow tables. I'm looking for files that > > various programs and services use to store user credentials in, the > > type of encoding or hashing that is used on them if any and the > > operating system(s) that they might appear on. > > > > On Mon, Jan 25, 2010 at 4:49 PM, Karl Schuttler > > <[email protected]> wrote: > >> Rainbow tables? > >> > >> On Mon, Jan 25, 2010 at 4:23 PM, Nicholas B. <[email protected]> > wrote: > >>> > >>> I'm looking for a site or sites that contain large and if possible > >>> comprehensive lists of files contain username and/or password > >>> credentials. The credentials can be plain-text, encoded or hashed and > >>> if they are encoded or hashed it would be nice to have the method(s) > >>> that was employed to generate these. I'm thinking of files beyond > >>> just the normal /etc/shadow, /etc/master.passwd stuff .htaccess to > >>> files for specific programs and userland files including svn-auth-file > >>> and ~/.vnc/passwd types of content and even more exotic vendor > >>> specific stuff to look for. If anyone can point me to someplace with > >>> a good list of these or would like to attach a list that you've > >>> compiled I would appreciate it. > >>> _______________________________________________ > >>> Pauldotcom mailing list > >>> [email protected] > >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>> Main Web Site: http://pauldotcom.com > >> > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > > -- > Sent from my mobile device > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > > ------------------------------ > Hotmail: Free, trusted and rich email service. Get it > now.<http://clk.atdmt.com/GBL/go/196390708/direct/01/> > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
