Clear-Text Passwords in your environment?

Do you keep the password to your bank on a note posted to your computer?

No? So why would you Do you keep the password to your bank on a note posted to your computer? No? So why would you keep your DB/server/application passwords exposed in the environment??? Well, that is a problem that concerns us all… and it is also against common regulations… so all you need to do is DELETE them!!!! or, in case you need them after all – ENCRYPT them! (and don’t use MD5 or SHA1.) How will you find them… that is the real question here… OK, so especially for that, i created a script (attached) to run on linux environment (currently, this is the only OS supported, if you need to run on a different environment please contact me) all you need to do, is copy the script to the directory you want to be the “root” for the search. then execute the script to get the manual, basically it looks like that: keep your DB/server/application passwords exposed in the environment???

Well, that is a problem that concerns us all… and it is also against common regulations… so all you need to do is DELETE them!!!! or, in case you need them after all – ENCRYPT them! (and don’t use MD5 or SHA1.)

How will you find them? that is the real question here…
OK, so especially for that, I created a script to run on linux environment (currently, this is the only OS supported, if you need to run on a different environment please contact me)

all you need to do, is copy the script (attached) to the directory you want to be the “root” for the search.
Then execute the script to get the manual, basically it looks like that:

Now, lets run it with the default list of strings to look for, using the -d argument, and this is what we’ll get:

You can also run it with a file path to get the list from the file, while each line in the file represent the string to look for. so executing ./findpass pass.list will use the list inside ./pass.list

Using the -p argument will prompt to receive input of passwords from the user:

and the -i for interactive mode:

That’s all for now, if you have any ideas, suggestions, features
if you found bugs (you must be wrong!) or you want any customization, please contact me!

Download script from >> HERE <<

Advertisements

One Response to “Clear-Text Passwords in your environment?”

  1. Hello, I think your website might be having browser compatibility issues.
    When I look at your blog in Firefox, it looks fine but when opening
    in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up!

    Other then that, amazing blog!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: