Archive for March, 2012

Clear-Text Passwords in your environment?

Posted in Encryption, Valnurability on March 29, 2012 by keizer

Do you keep the password to your bank on a note posted to your computer?

No? So why would you keep your DB/server/application passwords exposed in the environment???

Well, that is a problem that concerns us all… and it is also against common regulations… so all you need to do is DELETE them!!!! Or, in case you need them after all – ENCRYPT them! (And don’t use MD5 or SHA1.)

How will you find them? That is the real question here…
OK, so especially for that, I created a script to run in a Linux environment (currently, this is the only OS supported; if you need to run it in a different environment, please contact me).

All you need to do is copy the script (attached) to the directory you want to be the “root” for the search.
Then execute the script to get the manual. Basically, it looks like this:

Now, let’s run it with the default list of strings to look for, using the -d argument, and this is what we’ll get:

You can also run it with a file path to get the list from a file, where each line in the file represents a string to look for. So executing ./findpass pass.list will use the list inside ./pass.list

Using the -p argument will prompt the user to input passwords:

And the -i argument is for interactive mode:

That’s all for now. If you have any ideas, suggestions or feature requests,
if you found bugs (you must be wrong!) or you want any customization, please contact me!

Download script from >> HERE <<
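
The kind of search the post describes (a root directory scanned for each string in a list file, one string per line), as an added Python sketch. It is not the author's findpass script; the function names, the constructed sample tree and the choice to report only file, line number and matched term are assumptions of this example.

```python
import os
import tempfile


def load_terms(list_path):
    """Read search strings from a list file: one per line, blanks skipped."""
    with open(list_path, encoding="utf-8") as fh:
        return [line.strip() for line in fh if line.strip()]


def scan_tree(root, terms):
    """Return sorted (relative_path, line_number, term) hits under root."""
    # The matching line is deliberately not returned, so the audit report
    # does not copy the secret into yet another file. Case-insensitive.
    needles = [(t, t.lower()) for t in terms]
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # dir symlinks not followed
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, FIFOs, sockets, devices
            try:
                with open(path, "rb") as fh:
                    if b"\0" in fh.read(1024):
                        continue  # NUL byte near the start: treat as binary
                rel = os.path.relpath(path, root)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        low = line.lower()
                        hits += [(rel, lineno, t) for t, n in needles if n in low]
            except OSError:
                continue  # unreadable file: skip it, keep auditing
    return sorted(hits)


def demo():
    """Scan a constructed sample tree; the list file lives outside the root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "tree")
        os.makedirs(os.path.join(root, "conf"))
        with open(os.path.join(root, "conf", "db.properties"), "w") as fh:
            fh.write("db.user=app\ndb.PASSWORD=example-only\n")  # constructed
        with open(os.path.join(root, "blob.bin"), "wb") as fh:
            fh.write(b"\0\0password\0")  # constructed binary file, skipped
        with open(os.path.join(tmp, "pass.list"), "w") as fh:
            fh.write("password\n\npwd\n")  # constructed list, one term per line
        return scan_tree(root, load_terms(os.path.join(tmp, "pass.list")))


if __name__ == "__main__":
    print("\n".join(f"{p}:{n}: contains '{t}'" for p, n, t in demo()))
```

Keeping the list file outside the scanned root avoids the list itself showing up as a hit.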