[go: up one dir, main page]
Skip to content
/ hook-fstab Public

Drive Badger extension: parse /etc/fstab files and exfiltrate NFS/Samba shares

drivebadger.com/

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

drivebadger/hook-fstab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
handle-cifs.sh
handle-cifs.sh
 
 
handle-nfs.sh
handle-nfs.sh
 
 
hook.sh
hook.sh
 
 

Repository files navigation

This is an extension for Drive Badger. It provides a so called hook script, that:

  • scans given directory tree for /etc/fstab file
  • analyzes its entries
  • extracts all statically defined smbfs/cifs and nfs shares
  • tries to mount and exfiltrate them

Why this is done during the attack, and not later? Because:

  • access to these shares can be restricted to IP address of the exfiltrated computer/server
  • almost certainly it is restricted to internal LAN
  • almost certainly each mounting is logged - so this is a good way to cover the tracks

Installing

Clone this repository as /opt/drivebadger/hooks/hook-fstab directory on your Drive Badger persistent partition.

More information

About

Drive Badger extension: parse /etc/fstab files and exfiltrate NFS/Samba shares

drivebadger.com/

Topics

samba smb nfs fstab nfs-client nfsv4

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages