First don't worry about finding all passwords that might be hard coded, and especially don't agree with management that it can be done. Next build a list of the most common strings that you've seen used to set a password variable at your company.

On Linux I'd start with something close to this:

Better yet would be a for loop with a variable which is read from a file. In that file put all your permutations of password, passwords, pwd, etc. I'm not at my Linux machine, so the syntax may be off a tiny bit on the grep command.

Your goal isn't to find every place, just every obvious place to begin with. Do a search for post-exploitation guides: one of the first steps after compromising a box is to start searching for plain text passwords.

This really has to be an administrative control versus a technical control. You really need to enlist senior management to agree that plain text passwords are bad. Then have management publish a policy around the use of plain text passwords and, most critically, the policy must be enforced.

Admittedly, having a bit of a nefarious background, and being a programmer, I would take a different approach, more akin to what a hacker would perform when trying to find private information that someone has stored in an unsecured fashion.

Based on his use of the terms "PowerShell", "ASP" and "BASH", it is likely safe to assume that we are strictly referring to a Windows environment - I doubt he would want to install Cygwin or some other Linux hybrid / grep application on every PC when this can certainly be resolved in other ways.

First, I'll make the assumption that you're able to install a script on the user's computer - accomplishing this as an administrator shouldn't be too much of an issue. Modify the Windows registry to execute a script every time specific file types or applications are opened - in this case, txt files and/or Notepad.exe. There are various places online where you can learn how to do this; I doubt anyone would appreciate me providing such a resource.

Then I would build a script under the following rough requirements: build the script such that it would search the opened file for words that match the password requirements related to the application you're concerned with. If the application you're concerned with is under your control, and your current password requirements are not complex enough to make them unique, change your password policy and make them unique - this is just good practice. If you choose a log file, include the computer's name and the exact file location. If you choose to utilize the Event Log, put them in a unique Event Log node (or a unique ID that you can filter the logs by) and use your admin privileges to remotely review the logs from one location. Obviously, still include the file location in this case. Also, this would require checking every computer, though you could build yet another script to compile these for you to review. I would prefer a server log file for convenience's sake, but the Event Log will work. This should ding your virus protection software, but you should be able to white-list the script.
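The pattern-file search sketched in the grep answer above (a loop reading password permutations from a file), as an added example and not the answer's own command: `grep -f` does the loop's job in one pass, and the report masks whatever follows the first `=` or `:` on a matched line so the findings do not become another plaintext password store. The directory tree, file names and word list are constructed for the demo.

```sh
#!/bin/sh
# Added example, not the answer's own command: search a directory tree for
# files containing any of the "password" permutations listed in a file, the
# way the answer suggests, and report locations without copying the secrets.
# All paths, sample files and the word list below are constructed for the demo.

WORK="$(mktemp -d)"
SCAN_ROOT="$WORK/scan"
PATTERN_FILE="$WORK/password-words.txt"   # outside SCAN_ROOT so it is not itself a hit

# Constructed word list: the permutations the answer says to collect.
cat > "$PATTERN_FILE" <<'EOF'
password
passwd
pwd
pass=
EOF

# Constructed sample tree: one config with a credential, one note, one clean file.
mkdir -p "$SCAN_ROOT/home/alice" "$SCAN_ROOT/home/bob"
printf 'db_host=db1\nDB_PASSWORD=hunter2\n' > "$SCAN_ROOT/home/alice/app.conf"
printf 'remember: pwd for vpn is in my drawer\n' > "$SCAN_ROOT/home/bob/notes.txt"
printf 'nothing to see here\n' > "$SCAN_ROOT/home/bob/readme.txt"

# find_password_files ROOT PATTERN_FILE
# `grep -f` replaces the for loop over the word list: one pass, all patterns.
# -r recurse, -I skip binaries, -i case-insensitive, -l list matching files only.
find_password_files() {
    grep -rIil -f "$2" "$1" | sort
}

# report_hits ROOT PATTERN_FILE
# Same search with line numbers, but everything after the first '=' or ':' on
# the matched line is masked, so the report is not a second copy of the secrets.
report_hits() {
    grep -rIin -f "$2" "$1" | awk -F: '{
        path = $1; line = $2
        text = substr($0, length(path) + length(line) + 3)
        if (match(text, /[=:]/)) text = substr(text, 1, RSTART) " ****"
        print path ":" line ": " text
    }' | sort
}

find_password_files "$SCAN_ROOT" "$PATTERN_FILE"
report_hits "$SCAN_ROOT" "$PATTERN_FILE"
```

Point `SCAN_ROOT` at a real share or home directory and extend the word list with your own naming habits; the masking keeps the review output safe to store centrally.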