SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Metasploit Post Exploitation Meterpreter Script Prefetchtool
Windows caches portions of frequently accessed programs in order to speed up program launches. The prefetch folder reveals which programs you have been running recently, how many times you executed the program and when you last executed the program. This is one place where forensic investigators should look at first when looking at a compromised/suspect machine. Keith Lee has created a Meterpreter module and an independent tool prefetch-tool to demonstrate this.
According to Keith's submission to us: "The inspiration for this meterpreter script came from Pauldotcom Ep171 (http://pauldotcom.com/wiki/index.php/Episode171) Windows prefetch folder contains a lot of information about:
1. Recently run programs
2. How often certain programs are executed Based on this information, you can find out how the target machine was used by the user and perhaps the roles of the computer.
Check out my blog post here http://milo2012.wordpress.com/2009/10/22/meterpreter-script-for-prefetch-tool/
You can contact me on twitter at @keith55 or keith.lee2012[at]gmail.com "
According to Keith's submission to us: "The inspiration for this meterpreter script came from Pauldotcom Ep171 (http://pauldotcom.com/wiki/index.php/Episode171) Windows prefetch folder contains a lot of information about:
1. Recently run programs
2. How often certain programs are executed Based on this information, you can find out how the target machine was used by the user and perhaps the roles of the computer.
Check out my blog post here http://milo2012.wordpress.com/2009/10/22/meterpreter-script-for-prefetch-tool/
You can contact me on twitter at @keith55 or keith.lee2012[at]gmail.com "
Related Videos from: Advanced Metasploit Usage (3)
 |  |  |  |  | |
You are Viewing this Video Now! | |||||
2671 views | 3214 views | 2751 views | 3044 views | 4666 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |