Hi, I’m Wunorse Openslae
What was that password?
Golly, passwords may be the end of all of us. Good guys can’t remember them, and bad guys can guess them!
I’ve got to upload my chore report to my manager’s inbox, but I can’t remember my password.
Still, with all the automated tasks we use, I’ll bet there’s a way to find it in memory.
Plaintext Credentials in Commands > Keeping Command Line Passwords Out of PS
1- First let’s use the command ls to list directories & files:
2- Take a look at the content of report.txt for any leads:
3- Use the ps command, as suggested in the hints, to display the usernames / passwords on the command line of the running processes. Write the command as follows:
T  Basic options: all processes on this terminal
w  Show threads options: unlimited output width
4- Interesting command related to Samba:
/bin/bash /home/manager/samba-wrapper.sh --verbosity=none --no-check-certificate --extraneous-command-argument --do-not-run-as-tyler --accept-sage-advice -a 42 -d~ --ignore-sw-holiday-special --suppress --suppress
//localhost/report-upload/ directreindeerflatterystable -U report-upload
So the username report-upload and the password directreindeerflatterystable and the share folder
You can find more about smbclient here: https://www.computerhope.com/unix/smbclien.htm
5- Now let’s upload the report to the share folder, using smbclient to access it:
smbclient //localhost/report-upload/ -U report-upload directreindeerflatterystable
Then upload the file
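An added example, not part of the original write-up: a defender-side check for the exposure found in steps 3 and 4. It reads process command lines and reports those that pass an SMB password as an argument, redacting the secret in its own output. The sample lines are constructed, EXAMPLE-PASSWORD is a placeholder, and the list of short options treated as taking a value is a simplification.

```shell
#!/usr/bin/env bash
# Added example, not from the original write-up. Input: one command line per
# line (for instance the output of `ps -eo args`). Output: reason, a tab, and
# the command line with the secret replaced so the report does not leak it.
flag_smb_cli_passwords() {
  awk '
  {
    reason = ""; seen_service = 0
    for (i = 1; i <= NF; i++) {
      # -U user%password, as two words or glued (-Uuser%pw, --user=user%pw)
      if ($i == "-U" && $(i+1) ~ /%./) {
        sub(/%.*/, "%<redacted>", $(i+1)); reason = "user%password"
      } else if ($i ~ /^(-U|--user=)[^%]+%./) {
        sub(/%.*/, "%<redacted>", $i); reason = "user%password"
      }
      if (!seen_service) {
        # //host/share marks the start of the smbclient-style arguments
        if ($i ~ "^//[^/]+/[^/]+/?$") seen_service = 1
        continue
      }
      # Short options assumed to take a value (simplification): skip the value
      if ($i ~ /^-[UAWIpcDmldOnibtTsRS]$/) { i++; continue }
      if ($i ~ /^-/) continue
      # The first bare word after the service is read as the password
      if (seen_service == 1) {
        $i = "<redacted>"; reason = "positional-password"; seen_service = 2
      }
    }
    if (reason != "") print reason "\t" $0
  }'
}

# Constructed sample input. The last smbclient line is the safer form: the
# secret lives in a credentials file passed with -A, so it never reaches argv.
sample_ps_lines() {
  cat <<'EOF'
/bin/bash /home/manager/samba-wrapper.sh --verbosity=none -a 42 //localhost/report-upload/ EXAMPLE-PASSWORD -U report-upload
smbclient //localhost/report-upload/ -U report-upload EXAMPLE-PASSWORD
smbclient //fileserver/share -U alice%EXAMPLE-PASSWORD
smbclient //fileserver/share -A /home/alice/.smbcred -c ls
sshd: /usr/sbin/sshd -D
EOF
}

sample_ps_lines | flag_smb_cli_passwords
```

Because ps output loses shell quoting, a multi-word value such as `-c "put report.txt"` can be reported as a false positive by this check.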
Thank goodness for command line passwords - and thanks for your help!
Speaking of good ways to find credentials, have you heard of Trufflehog?
It’s a cool way to dig through repositories for passwords, RSA keys, and more.
I mean, no one EVER uploads sensitive credentials to public repositories, right? But if they did, this would be a great tool for finding them.
But hey, listen to me ramble. If you’re interested in Trufflehog, you should check out Brian Hostetler’s talk!
Have you tried the entropy=True option when running Trufflehog? It is amazing how much deeper it will dig!
Oh my! Santa’s castle… it’s under siege!
We’re trapped inside and can’t leave.
The toy soldiers are blocking all of the exits!
We are all prisoners!
Brian Hostetler is giving a great Trufflehog talk upstairs