Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Autocomplete Function
From: "Davidson,Sam" <SDAVIDSON () CERNER COM>
Date: Mon, 13 Nov 2000 15:27:57 -0600

Has anyone tried taking a sysdiff snapshot, then visiting some sites and
taking a diff shot to find the modified files?
This would be verrrry valuable info when compromised.

-----Original Message-----
From: Masse, Robert [mailto:rmasse () RICHTERSECURITY COM]
Sent: Monday, November 13, 2000 13:24
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Autocomplete Function


Hi

Does anyone know where Internet Explorer stores the data from the
'autocomplete' function?  You know, the one everyone uses when they do their
on-line banking :)

Possible Scenario:

Lots of people have file sharing on their workstation at home and a nice
broadband connection.  Can someone pull a file with the list of
usernames/passwords/sites
if someone was using autocomplete?

I poked around and didn't find anything (internet options, content allows
you to clear  the info but doesn't tell you where it's stored).


Thanks

Rob

Robert Masse, CISSP
Chief Technical Officer

Richter Security Inc.
2 Place Alexis Nihon, suite 905
Montreal, Quebec, Canada
+514 934 3566 Direct
+514 934 3406 Fax


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]