WINDOWS XP - SCRAPER / WINENUM
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnfCWEq7Cd9rkDsl4HIiFfmPT_KEZPUQP5glPx-Q_Rm9TzfgXER9woG6JQlINC8Y8Vw1yzvTk8C4nNnBCpe4Pqt_I0Z_jb3U7GouO8qXCBCV6c2vpTo-xvG0jQZ1LakiU50YWwxSSLx4rn/s1600/XP_LAYOUT.jpg)
- The scraper script gathers information about the victim's whole system, including the entire registry. Its main advantage is that the attacker obtains all of this information with a single command:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdsaxyvSV2q3wWfWWQ-9HjbO1Vyg0DwUAMFYcI5xNsnq8D3ab4sMb9nFAkdAvlQ5ZzDOA8bLtAy2Guss0aeLWJXH_IiY61l7ulqz4Y0e06JMAaFI2gNralqQM3QKitsSfsm5EkB36UnCab/s1600/screenshot.1.jpg)
- The output of scraper is stored in different files, of both .txt and .reg type:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgR9DqH3g0NfOr3nzvg9xS7vR_s04nuOdwylQw-lynN6bB-ZQPbUY-Cy6g4hgJh45eR2vpKgiG_QTDaPe0Ly-NpMBGnrCWbC1_gVgrzkIxgvt3mlaYOcU_mUKK2U4O_xpgUWdfxFYBHs8y/s1600/screenshot.2.jpg)
- For instance, hashes.txt:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGc0cgKPG9_fmTmLPLGpeMLPb3gRdq-rcTTu5Wd8nJRSnFbwanPtBNzIMnsfBKiXDPwvnJQSq42E-3xIHYJ6CcIFaGu0af2-VUAA3tUdQBVqbBP3boz7pt9lcprwS6s-9Yt2RaFGOml2vx/s1600/screenshot.4.jpg)
- users.txt:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEja7uiK8j8FjDk85QrQrnuZAmJMd19qq9YDID-c3bjXIsPEFKx7xRuaQ4FygjGjUWvzuEQOpTXX7Sed8r129PbnC11KQOdqUGhYrBeujnipVkjtR_wegQ6OKEyESBX_JZd9Xz6bTqza1-lO/s1600/screenshot.5.jpg)
- Another similar script is winenum:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQBpsz2tDtDDPL4dGnklqO5wAxHafduU9tnBryXrSBbmqiGcD5SuHT54qU2nw6eQgUjFbVE1c5uAP3YW6puaklZv8XYDFmM1Au4NXeft-zmwRHvBoraz-i_umh2d4gdSFWLDRDclcyrGjn/s1600/screenshot.6.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFqU_-ujHWXSdM0gjEKCbXvwbUJQefBbwHscK9Lq0KUFT4o-V7FNA3iN1Nm-Pl8u37TWo1eFRluAmBC_wGXOvd0znb47VfFnEd3eXj6GCU4xj-bOkNfhjZ45lmSIVjbQwSRe-UIAX_p8Ox/s1600/screenshot.7.jpg)
- The output from winenum is stored in different files:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvJw7lHXZ0bfFXu9vNeN3Q_c3jw6oTzMSQnboDMz8kt1B4oh_oAEjkizi8jJ2zD9i6URRBPPrJ-WCNZoEafbXtCeuTp_RwJUfEHkDDheeT-QzrC4oXEVweEN7AyOmGwQcTyU7ZIn3Ypaxn/s1600/screenshot.8.jpg)
- For instance, ipconfig_all.txt shows information about the victim's network configuration:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgU17pJPHmcvs0dz4eb98bRt0a2bXouTCpqVLIdFliy1kdCzlTe8E6mZ-QfgvidkBMaNyRUU3RrQgk4Ywyb6Z84OefvxoI-RkA4BB4fVtAC8OT5mvBQTlcY9GjeO3zDmN3a4WDEa2NToeza/s1600/screenshot.10.jpg)
- Also, arp__a.txt maps IP addresses to physical (MAC) addresses:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4h1YxC9vsXeyJ_b8EfAMRVk6PFKee71IjEhFE1d_XLbuZfK9e-vbl9sbPwxPYijSJnEuUPG5sjhj0JfMCFyOB82SJM7vptl9-hPc_oCKCg0er3Ri-5DVZh5TuFJ0_gHo4xXzLfLLIKNFM/s1600/screenshot.9.jpg)
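- From the defender's side, output files such as ipconfig_all.txt and arp__a.txt mean that several built-in enumeration commands ran on the host within seconds of each other, which is visible in process-creation logs. The following detection sketch is an added example, not part of the original post or of the scripts shown: the event tuple format, host names, thresholds and every command other than `ipconfig /all` and `arp -a` are assumptions.

```python
from datetime import datetime, timedelta
FMT = "%Y-%m-%d %H:%M:%S"

# "ipconfig /all" and "arp -a" correspond to the output files named on the page;
# the remaining entries are assumed examples of built-in enumeration commands.
RECON = {"ipconfig /all", "arp -a", "netstat -nao", "route print", "net view"}

# Constructed process-creation events: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2024-01-10 09:00:01", "XP-LAB", "cmd.exe /c ipconfig /all"),
    ("2024-01-10 09:00:02", "XP-LAB", "cmd.exe /c arp -a"),
    ("2024-01-10 09:00:03", "XP-LAB", "cmd.exe /c netstat -nao"),
    ("2024-01-10 09:00:04", "XP-LAB", "cmd.exe /c route  print"),
    ("2024-01-10 09:05:00", "ADMIN-PC", "ipconfig /all"),
    ("2024-01-10 09:06:00", "ADMIN-PC", "notepad.exe notes.txt"),
    ("2024-01-10 10:30:00", "ADMIN-PC", "arp -a"),
    ("2024-01-10 14:00:00", "ADMIN-PC", "netstat -nao"),
]

def normalise(cmdline):
    """Lower-case, collapse whitespace and drop a leading 'cmd.exe /c' wrapper."""
    parts = cmdline.lower().split()
    if len(parts) > 2 and parts[0] in ("cmd", "cmd.exe") and parts[1] == "/c":
        parts = parts[2:]
    return " ".join(parts)

def find_recon_bursts(events, window_s=60, threshold=3):
    """Return {host: distinct recon commands} for hosts that ran at least
    `threshold` distinct recon commands inside one `window_s`-second window."""
    per_host = {}
    for ts, host, cmdline in events:
        cmd = normalise(cmdline)
        if cmd in RECON:
            per_host.setdefault(host, []).append((datetime.strptime(ts, FMT), cmd))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most window_s.
            while hits[end][0] - hits[start][0] > timedelta(seconds=window_s):
                start += 1
            distinct = {cmd for _, cmd in hits[start:end + 1]}
            if len(distinct) >= threshold and len(distinct) > len(alerts.get(host, [])):
                alerts[host] = sorted(distinct)
    return alerts

if __name__ == "__main__":
    for host, cmds in find_recon_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: enumeration burst -> {cmds}")
```

On the constructed sample only XP-LAB is flagged; ADMIN-PC runs the same commands hours apart and stays below the threshold.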