Conversation
ledrypotato
requested review from
Marshall-Hallenbeck,
NeffIsBack,
mpgn and
zblurx
as code owners
|
Thanks for the PR! If you still want to work on that module it's best to turn the PR into a "DRAFT", so that we know it is still worked on :) |
|
I have made all the changes that I had planned and also created a PR for the associated documentation for the NetExec wiki. Here is an updated screenshot for the changes that handle displaying the deletion time of files, directories and using a filter to download specific files.
I have gone ahead and removed the draft tag from my PR :) |
|
Any updates? |
|
Hey, oh I didn't even realise there was a previous module for the Recycle Bin by @Dfte 😆 ! |
|
Fyi, until this has been resolved i will turn it into a DRAFT PR so that it is clear it isn't ready for review :) |
|
@ledrypotato have you had a chance to look at the other module and see if you can integrate anything? |
Hey, not yet unfortunately. I should have some more time beginning of next month. |
I removed the registry key logic to fetch the username since it's already given in the metadata file ($I).
ledrypotato
force-pushed
the
RecycleBin-module
branch
from
ad3acd0 to
1a6117a
Compare
|
Hi, I finally had some time to look at this merge. To be honest I moved most of my code that I had into Dfte's module. I removed the registry key logic to fetch the username since we can get that information from the metadata file in the Recycle Bin (files that start with $I).
Here is an updated screenshot of the output when specifying that you want to download files (
Most of the code I originally posted remains the same. I felt it was easier to keep what I already had than try and merge everything. That said I did review the original code to check if things were better in it. Perhaps the Feel free to give any feedback on what should be changed/optimized. |
|
Only took a short look at the code, but looks mostly good from what i can tell 👍 |
|
Yeah the logic remains the same. |
I don't mind either, but it is currently pretty mixed. Not sure what is better but at some point we'll probably enforce one of both, but i'll leave it as is now. |
|
I think underscore is easier to read and I was going to normalize it eventually, maybe after the module arg stuff. |
3 participants
Description
This PR adds the Recycle Bin module that will list files in the Recycle Bin. It will parse the associated metadata files in the Recycle Bin to display the "Original Location" of the deleted file, this can give a good indication whether or not the file is interesting or not. You can also download files using the module options.
I have a few things on my TODO list that I will implement as soon as I can as well as update the NetExec documentation.
Feel free to make any comments on the implementation/development as it's not my speciality 😆!
Type of change
How Has This Been Tested?
I have tested this module against my local Windows 11 VM (Microsoft Windows 11 Enterprise Evaluation) from my Kali VM running Python 3.12.8.
Screenshots:
Here is an example of deleted files in the Recycle Bin:
We can list files in the Recycle Bin with this command:
or download them with this command:
Checklist:
poetry run python -m ruff check . --preview, use--fixto automatically fix what it can)TODO: