Tuesday, September 18, 2012

Data Mining Event Tracing for Windows 2

This is continued from the previous post.

The logman utility lets us peer into an established SSL session and steal active session cookies once you have a shell on the box.

If you are able to sniff the administrator's credentials, you can even enable logging on a remote host using "logman -s <computername>".

Microsoft-Windows-WinInet is only one of the providers you can turn logging on for. To see the full list of providers on your computer, run:
c:\temp>logman query providers > listofproviders.txt

C:\temp>type listofproviders.txt | find /c "{"
643


This means there are a total of 643 providers available on my computer.
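As an added example (my own script, not part of the original post), the PowerShell below parses the "logman query providers" output into name/GUID objects, counts them the same way the find /c "{" trick does, and then audits the running trace sessions for the WinInet provider, which is the check a defender would want after reading the above. It assumes logman.exe is on PATH and the shell is elevated; the function names are my own.

```powershell
# Added example, not from the original post. Assumes logman.exe is on PATH
# and that the script runs elevated (session details are otherwise hidden).

# Turn "logman query providers" output into objects. Each provider line ends
# with its GUID in braces; the header, separator and trailer lines do not.
function Get-EtwProviderTable {
    logman query providers |
        ForEach-Object {
            if ($_ -match '^(?<Name>\S.*?)\s+\{(?<Guid>[0-9A-Fa-f\-]{36})\}') {
                [pscustomobject]@{ Name = $Matches.Name; Guid = $Matches.Guid }
            }
        }
}

# List the active ETW sessions and report any that have the given provider
# enabled. Default is the WinInet provider discussed in the post.
function Find-EtwSessionWithProvider {
    param([string]$ProviderName = 'Microsoft-Windows-WinInet')

    $target = Get-EtwProviderTable | Where-Object Name -eq $ProviderName
    if (-not $target) { throw "Provider '$ProviderName' is not registered on this host." }

    # "logman query -ets" prints one line per running session; the session
    # name is the first column and may contain spaces, so split on 2+ spaces.
    $sessions = logman query -ets |
        Where-Object { $_ -match '^\S' -and $_ -notmatch '^(Data Collector Set|-+|The command)' } |
        ForEach-Object { ($_ -split '\s{2,}')[0] }

    foreach ($session in $sessions) {
        # Session details list every enabled provider by name and GUID;
        # match on either so the check survives layout differences.
        $detail = logman query "$session" -ets 2>$null | Out-String
        if ($detail -match [regex]::Escape($target.Guid) -or
            $detail -match [regex]::Escape($ProviderName)) {
            [pscustomobject]@{ Session = $session; Provider = $ProviderName; Guid = $target.Guid }
        }
    }
}

# Same count the post gets with "find /c", then the audit itself.
(Get-EtwProviderTable | Measure-Object).Count
Find-EtwSessionWithProvider
```

An empty result from Find-EtwSessionWithProvider means no running session is currently collecting WinInet events; any session it does list should be explained by a known collector or investigated.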