Insecure File Permissions¶
- Look for files of any type that can help break into the system. Scripts with hardcoded credentials, other sensitive files, etc.
- Search for world writable files:
Search for world writable files
Powershell.exe "Get-ChildItem "C:\Program Files" -Recurse | Get-ACL | ?{$_.AccessToString -match "Everyone\sAllow\s\sModify"}"
- Configuration Files
- Look for files like Unattend.xml which might contain credentials
- Search for files with pass in the name or ending in .config
dir /s *pass* == *.config
- Recursively search for files in the current directory that contain the word “password” and also end in either .xml, .ini, or .txt: