Nasreddine Bencherchali

Dec 18, 2021

Should You Trust Your Admin Tools?

Introduction

MobaXterm

Password Manager

HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\P

Command History

C:\Users\[username]\AppData\Roaming\MobaXterm\home\.bash_history

Bookmarks

C:\Users\[username]\AppData\Roaming\MobaXterm\MobaXterm.ini

Tools, Tools, and More Tools

C:\Users\[username]\AppData\Roaming\MobaXterm\slash\bin
  • BusyBox
  • git.exe
  • ftp.exe
  • regtool.exe — A tool to view or edit the Win32 registry
  • wget.exe
  • telnet.exe
  • TurboVNC.exe

Radmin (Server)

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Radmin\v3.0\Server\Parameters\Radmin Security

Radmin (Viewer)

C:\Users\[username]\AppData\Roaming\Radmin\radmin.rpb

PuTTY

History

C:\Program Files\PuTTY\putty.log

Saved Sessions

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\[Sessions Name]

FileZilla (Client)

C:\Users\[username]\AppData\Roaming\FileZilla\recentservers.xml

Text Editors

Sublime Text

C:\Users\[username]\AppData\Roaming\Sublime Text 3\Local\Session.sublime_session

Visual Studio Code

C:\Users\[username]\AppData\Roaming\Code\Backups

Notepad++

C:\Users\[username]\AppData\Roaming\Notepad++\backup

Conclusion

Know your tools, what they generate, baseline and monitor, monitor, monitor.