yara4pentesters

rules to identify files containing juicy information like usernames, passwords etc

requirements

YARA
- https://virustotal.github.io/yara/

searching for files

Remember that depending on the YARA version or operating system that you use, the syntax might vary slightly.

recursive search

yara -r juicy_files.txt <location>

recursive search by tag

yara -t <tag> -r juicy_files.txt <location>

recursive search single rule

yara -i <rule identifier/name> -r juicy_files.txt <location>

examples

~/Desktop/yara4pentesters$ yara -r juicy_files.txt ../y4p_files
shadow_file ../y4p_files/shadow
hive_file ../y4p_files/mysecurity
hive_file ../y4p_files/mysam
hive_file ../y4p_files/system
hive_file ../y4p_files/mysystem
ntds_file ../y4p_files/ntds.dit


~/Desktop/yara4pentesters$ yara -t linux -r juicy_files.txt ../y4p_files
shadow_file ../y4p_files/shadow

~/Desktop/yara4pentesters$ yara -i ntds_file -r juicy_files.txt ../y4p_files
ntds_file ../y4p_files/ntds.dit

References

https://www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
LICENSE		LICENSE
README.md		README.md
juicy_files.txt		juicy_files.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

yara4pentesters

requirements

searching for files

recursive search

recursive search by tag

recursive search single rule

examples

References

About

Releases

Packages

Contributors 2

License

DiabloHorn/yara4pentesters

Folders and files

Latest commit

History

Repository files navigation

yara4pentesters

requirements

searching for files

recursive search

recursive search by tag

recursive search single rule

examples

References

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Packages