mailing list archives
Re: Own Idea for SOC. Please Comment.
From: David Fifield <david () bamsoftware com>
Date: Thu, 5 Apr 2012 14:02:19 -0700
On Wed, Apr 04, 2012 at 07:59:33PM +0530, PALASH JHABAK wrote:
I do not know how relevant it will be for the present SOC but I have this
idea for a while and I want a feedback on the same.
I live in a University Campus with about 8k residents. Peer to Peer sharing
within the campus Network is very common and the software like DC++ are one
of the commonly used software. Often people (knowingly or unknowingly )
share their important and vulnerable data over those peer-to-peer share
software. I have seen people sharing all of the Windows installation folder
(C:/), and not only this they tend to share the hidden folders too. In the
free time I search for users who have shared their "AppData" folder on DC++
and surprisingly I find many such users. I download the "AppData" folder,
go to the mozilla ( profile folder ) or in chrome ( User Data ), replace
them with the corresponding folders in my Mozilla or Chrome folders and
guess what ? I can see all of their saved passwords, the website they use
and any and every data which their browser had saved.
I think the above is a very important issue and I want to create a tool
which automatically, in a LAN network, searches for I.P ( and hence users )
who have shared those vulnerable folders.
I dont know if it matches nmap's goal with current SOC but a feedback would
This sounds like a great idea for an NSE script. If you can, please
write a summary of what the script will do, with references and a small
example output, and add it to the page here:
This actually could be several scripts, one for each common peer-to-peer
We are looking for script developers for the Summer of Code, so such an
idea could be part of a project. It depends on how big you estimate the
job to be, whether writing these peer-to-peer scripts will be the only
job for the summer, or whether it should be combined with the writing of
other kinds of scripts.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/