Roadmap
Tomasz Klim edited this page Oct 30, 2021 · 19 revisions
- try to unify event logging between Drive Badger and Mobile Badger
- finish the website translation
- create Wiki structure and begin translating pages
- HFS+ (older Mac OS)
- FreeBSD
- possibly other *BSD
- AIX
- is it possible to assemble and exfiltrate filesystems spanning multiple drives/hosts, based on discovered data?
  - RAID 5/6/...
  - ZFS/btrfs, possibly with encryption support
  - MooseFS, Ceph, GlusterFS etc.
- look for 802.1X certificate files and passwords
- try to connect to protected networks
- postpone executing all other hooks until all drives are processed
- deploy test server
- research: how to reliably recognize multiple SSD drives (same models!) connected to test server - by serial or what?
- script to translate given serial or label to currently assigned device id
- actual imaging script: dd image (if newer), create 3rd partition (if required), git checkout/pull repositories, chroot, minimal-provisioning, setup
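One way to approach the serial/label-to-device question above, as an added example that is not part of the Drive Badger project: query `lsblk -J -o NAME,PATH,SERIAL,LABEL` (real `lsblk` options; the JSON shape below is what util-linux prints, and the sample output embedded here is constructed, with two identical-model SSDs that differ only by serial), index disks by serial and partitions by label, and refuse to resolve an identifier that maps to more than one device, which is exactly the failure mode that shows up when serials are hidden or duplicated behind RAID controllers or USB bridges.

```python
import json
import subprocess
from typing import Dict, Iterator, Optional, Tuple

# Constructed sample of `lsblk -J -o NAME,PATH,SERIAL,LABEL` output (two SSDs of
# the same model, different serials) so the example runs offline.
SAMPLE_LSBLK_JSON = """
{
  "blockdevices": [
    {"name": "sda", "path": "/dev/sda", "serial": "S3Z9NB0K123456A", "label": null,
     "children": [
        {"name": "sda1", "path": "/dev/sda1", "serial": null, "label": "BOOT"},
        {"name": "sda2", "path": "/dev/sda2", "serial": null, "label": "root-a"}
     ]},
    {"name": "sdb", "path": "/dev/sdb", "serial": "S3Z9NB0K123457B", "label": null,
     "children": [
        {"name": "sdb1", "path": "/dev/sdb1", "serial": null, "label": "root-b"}
     ]}
  ]
}
"""

# Constructed sample where a controller exposes the same serial for two disks;
# resolving by that serial must fail instead of silently picking one.
AMBIGUOUS_LSBLK_JSON = """
{
  "blockdevices": [
    {"name": "sda", "path": "/dev/sda", "serial": "RAID-VIRT-0001", "label": null},
    {"name": "sdb", "path": "/dev/sdb", "serial": "RAID-VIRT-0001", "label": null}
  ]
}
"""


def _walk(devices: list) -> Iterator[dict]:
    """Depth-first walk over the lsblk tree (disks, then their partitions)."""
    for dev in devices:
        yield dev
        yield from _walk(dev.get("children", []))


def build_index(lsblk_json: str) -> Tuple[Dict[str, str], Dict[str, str], set]:
    """Return (serial -> disk path, label -> partition path, ambiguous identifiers)."""
    tree = json.loads(lsblk_json)["blockdevices"]
    by_serial: Dict[str, str] = {}
    by_label: Dict[str, str] = {}
    ambiguous: set = set()
    for dev in _walk(tree):
        for key, table in (("serial", by_serial), ("label", by_label)):
            value = dev.get(key)
            if not value:
                continue
            if value in table and table[value] != dev["path"]:
                ambiguous.add(value)  # same serial/label seen on two devices
            table.setdefault(value, dev["path"])
    return by_serial, by_label, ambiguous


def resolve(identifier: str, lsblk_json: str) -> Optional[str]:
    """Map a drive serial or filesystem label to the device path currently
    assigned to it. Returns None if unknown; raises if the match is ambiguous."""
    by_serial, by_label, ambiguous = build_index(lsblk_json)
    if identifier in ambiguous:
        raise ValueError(f"{identifier!r} matches more than one device; "
                         "check the controller/bridge before imaging")
    return by_serial.get(identifier) or by_label.get(identifier)


def current_lsblk_json() -> str:
    """Fetch live lsblk output (only when run on a real host)."""
    result = subprocess.run(["lsblk", "-J", "-o", "NAME,PATH,SERIAL,LABEL"],
                            check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in current_lsblk_json() on a host.
    print(resolve("S3Z9NB0K123457B", SAMPLE_LSBLK_JSON))  # /dev/sdb
    print(resolve("root-a", SAMPLE_LSBLK_JSON))           # /dev/sda2
```

Device names such as `/dev/sdb` are assigned at enumeration time and can change between boots or when a drive is re-plugged, so the imaging script should resolve the serial or label immediately before each `dd` rather than caching the result.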
- rewrite Python 2.x-based code to Python 3
- scan for ~/.ssh/id_rsa or other ssh private keys (parse ~/.ssh/config)
- parse .bash_history and .zsh_history for connections using keys
- try to find frameworks like Ansible and parse their configuration
- use preconfigured keys from repository
- finally, try to exfiltrate other machines via ssh:
- look for user passwords saved in browsers
- look for ftp/sftp passwords from other programs
- look for remote MySQL/Postgres/Mongo/other credentials, to "backup" them similarly to sf-backup
- look for Windows password files
- is it possible to extract SMB share credentials from Windows?
  - how about AD environment?
  - how about standalone Windows + Samba server?
    - either mapped to drive letter or not, but still available to open without password
    - mapped to drive letter using separate credentials
- properly recognize drive serial numbers behind RAID controllers
© Copyright 2020-2022 by Tomasz Klim Payload.pl