Friday, September 30, 2011

Windows Shellbags and Post Exploitation

Via securityaegis and seen on Twitter.

Shellbags are a set of registry keys that store the preferences of each folder that has been opened at least once with Windows Explorer (local, remote, portable devices, etc.).
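The following Python is added here and is not taken from the post or the linked meterpreter script. It shows the same data from a forensic examiner's side by decoding the folder name and FAT timestamp from the bytes of a BagMRU value. The sample bytes are constructed, and the layout assumed is the common file-entry shell item with an ASCII short name.

```python
import struct
from datetime import datetime

def fat_datetime(d, t):
    """Decode a 16-bit FAT date and time pair; None if unset or invalid."""
    try:
        return datetime(1980 + (d >> 9), (d >> 5) & 0xF, d & 0x1F,
                        t >> 11, (t >> 5) & 0x3F, (t & 0x1F) * 2)
    except ValueError:
        return None

def parse_shell_items(blob):
    """Walk a shell item list (each item prefixed by a 2-byte length,
    list ended by a zero length) and decode file-entry items."""
    items, off = [], 0
    while off + 2 <= len(blob):
        (size,) = struct.unpack_from("<H", blob, off)
        if size == 0:                      # list terminator
            break
        if size < 3 or off + size > len(blob):
            raise ValueError("truncated or corrupt shell item at offset %d" % off)
        item = blob[off:off + size]
        kind = item[2]
        entry = {"type": kind, "name": None, "is_dir": None, "modified": None}
        # 0x3x = file entry; bit 0x04 marks a UTF-16 name, not handled here
        if kind & 0x70 == 0x30 and not kind & 0x04 and size > 14:
            _fsize, d, t, _attrs = struct.unpack_from("<IHHH", item, 4)
            entry["name"] = item[14:].split(b"\x00", 1)[0].decode("ascii", "replace")
            entry["is_dir"] = bool(kind & 0x01)
            entry["modified"] = fat_datetime(d, t)
        items.append(entry)                # other item types are kept unparsed
        off += size
    return items

# Constructed sample: one directory item named PAYROLL, modified
# 2011-09-30 14:22:10, followed by the list terminator.
SAMPLE = struct.pack("<HBBIHHH", 22, 0x31, 0, 0, 16190, 29381, 0x10) \
         + b"PAYROLL\x00" + b"\x00\x00"

if __name__ == "__main__":
    for e in parse_shell_items(SAMPLE):
        print(e)
```

Because these entries persist after a folder is deleted or a removable device is unplugged, the same parsing is useful in incident response to reconstruct which folders an account browsed.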

From a post-exploitation point of view, this information gives us a good idea of the activities being carried out on the exploited desktop computer. Thus, we can figure out how critical the computer and the information it holds are for our customer.

The linked post comments that, during a big engagement, we may pop a shell on a computer that belongs to HR, R&D, etc., but at first sight we cannot tell how important it is compared to the many similar desktops across the organization.

Below you can find a demo of the meterpreter script in action.

Untitled from Securityaegis on Vimeo.
