module
Windows Gather Enum User MUICache
| Disclosed | Created |
|---|---|
| N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
This module gathers information about the files and file paths that logged on users have
executed on the system. It also will check if the file still exists on the system. This
information is gathered by using information stored under the MUICache registry key. If
the user is logged in when the module is executed it will collect the MUICache entries
by accessing the registry directly. If the user is not logged in the module will download
users registry hive NTUSER.DAT/UsrClass.dat from the system and the MUICache contents are
parsed from the downloaded hive.
executed on the system. It also will check if the file still exists on the system. This
information is gathered by using information stored under the MUICache registry key. If
the user is logged in when the module is executed it will collect the MUICache entries
by accessing the registry directly. If the user is not logged in the module will download
users registry hive NTUSER.DAT/UsrClass.dat from the system and the MUICache contents are
parsed from the downloaded hive.
Author
TJ Glad tjglad@cmail.nu
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.