pdgmail package description
Python script to collect Gmail artifacts from a pd process memory dump. It will find whatever it can pull out of the memory image, including contacts, e-mails, last access time, IP addresses and more.
- Author: Jeff Bryner
- License: GPLv2
0x01 Tools included in the pdgmail package
pdgmail - extract Gmail artifacts from a pd dump
:~# pdgmail -h
Usage: /usr/bin/pdgmail [OPTIONS]
Options:
    -f, --file      the file to use (stdin if no file given)
    -b, --bodies    don't look for message bodies (helpful if you're getting too many false positives on the mb regex)
    -h, --help      prints this
    -v,--verbose    be verbose (prints filename, other junk)
    -V,--version    prints just the version info and exits.
This expects to be unleashed on the result of running strings -el on a pd dump from windows process memory. Anything other than that, your mileage will certainly vary.
0x02 pdgmail usage example
Extract artifacts from the file (-f) file.dmp, with verbose output (-v).
:~# pdgmail -v -f file.dmp
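The help text above says pdgmail expects the output of strings -el on a Windows process dump, so the real workflow is two steps: carve the wide (UTF-16LE) strings out of the raw memory image, then match artifact patterns against them. The following Python is an added example written for this page, not pdgmail itself or Jeff Bryner's code; it reproduces that pipeline in miniature so the reader can see what each stage contributes. The sample buffer, the function names and the e-mail and IPv4 regexes are constructed for illustration (pdgmail's own patterns are broader and also cover contacts, message bodies and access times).

```python
"""Miniature of the `strings -el | pdgmail` pipeline (added example, not pdgmail)."""
import re
import sys

# Constructed stand-in for a Windows process memory dump: UTF-16LE strings
# (how a Windows process stores most text) separated by non-printable filler.
# Addresses come from documentation ranges; nothing here is from a real dump.
SAMPLE_DUMP = (
    b"\x00\x01\x02\xff"
    + "alice.example@gmail.com".encode("utf-16-le")
    + b"\x00\x00\x7f\x7f"
    + "Last account activity: 203.0.113.5".encode("utf-16-le")
    + b"\xde\xad\xbe\xef"
    + "bob@example.org".encode("utf-16-le")
    + b"ab"  # narrow ASCII and too short: strings -el would not report it
)

# Simplified artifact patterns (my own, not pdgmail's regexes).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)


def extract_wide_strings(data: bytes, min_len: int = 4) -> list:
    """Step 1, the `strings -el` part: return runs of at least min_len
    printable 16-bit little-endian characters, decoded to str."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


def carve_artifacts(data: bytes) -> dict:
    """Step 2, the pdgmail part: match artifact patterns against each carved
    string. Results keep first-seen order and are de-duplicated."""
    found = {"emails": [], "ipv4": []}
    for text in extract_wide_strings(data):
        for key, regex in (("emails", EMAIL_RE), ("ipv4", IPV4_RE)):
            for hit in regex.findall(text):
                if hit not in found[key]:
                    found[key].append(hit)
    return found


if __name__ == "__main__":
    # Usage: python carve.py [dump-file]; with no file, runs on SAMPLE_DUMP.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for kind, hits in carve_artifacts(raw).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

Running it with no argument works on the embedded sample; pointing it at a real dump file shows why pdgmail wants strings -el first: only the UTF-16LE runs are carved, so narrow ASCII fragments and binary noise never reach the pattern stage, which is also where the false positives the -b option talks about would otherwise come from.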
Original source: https://www.hackfun.org/kali-tools/pdgmail_zh.html. Please credit the original source when reposting; contact the original author for permission before commercial use.