
MY MICROSOFT COFEE REVIEW


operat0r_001


Wow .. really? Don't even bother .. it's like hacksaw but somehow worse .. only good thing about it is it's prob not picked up by malware scanners ...

This "Computer Online Forensic Evidence Extractor (COFEE)" is no more than just old Windows exes all compiled into a dump log with some www.sysinternals.com utils added on ... w0w really ..? This is a joke, right?!?


--operat0r AKA rmccurdy.com

//-----------------------------------------------
//      Check Requied Files
//-----------------------------------------------

Finding uptime.exe ... found
Finding config.txt ... found
Finding folders.txt ... found
Finding pausep.exe ... found
Finding NW3C_SHA1.exe ... found


//-----------------------------------------------
//      Load Config
//-----------------------------------------------



//-----------------------------------------------
//      Read Disk Label
//-----------------------------------------------



//-----------------------------------------------
//      Find COFEE Drives
//-----------------------------------------------

//-----------------------------------------------
//      Detect OS
//-----------------------------------------------

The OS of this system is Windows XP


//-----------------------------------------------
//      Create Output Folders
//-----------------------------------------------

F:\out-PANSY-8349E3157-20091110214413 is created
F:\out-PANSY-8349E3157-20091110214413\network is created
F:\out-PANSY-8349E3157-20091110214413\process is created
F:\out-PANSY-8349E3157-20091110214413\services is created
F:\out-PANSY-8349E3157-20091110214413\users is created
F:\out-PANSY-8349E3157-20091110214413\password is created
F:\out-PANSY-8349E3157-20091110214413\policy is created
F:\out-PANSY-8349E3157-20091110214413\registry is created
F:\out-PANSY-8349E3157-20091110214413\log is created
F:\out-PANSY-8349E3157-20091110214413\file is created
F:\out-PANSY-8349E3157-20091110214413\memory is created
F:\out-PANSY-8349E3157-20091110214413\opt_tool is created
F:\out-PANSY-8349E3157-20091110214413\misc is created


//-----------------------------------------------
//      Run Command
//-----------------------------------------------
Start COFEE

Verifying ... Success
Start...
Commandline : at.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : autorunsc.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : arp.exe -a
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : getmac.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : hostname.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : ipconfig.exe /all
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : msinfo32.exe /report F:\out-PANSY-8349E3157-20091110214413\misc\1b
7c1a3b3ded3e610cdb046ddbdf2c22.txt
[Press Space to KILL the Process]

************************************
Pause... Select Process to kill :
0 ... Resume
1 ... msinfo32.exe
************************************

************************************
Killing msinfo32.exe /report F:\out-PANSY-8349E3157-20091110214413\misc\1b7c1a3b
3ded3e610cdb046ddbdf2c22.txt
************************************
Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : nbtstat.exe -A 127.0.0.1
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : nbtstat.exe -S
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : nbtstat.exe -c
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : nbtstat.exe -n
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe user
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe file
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe accounts
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe view
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe start
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe session
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe localgroup administrators /domain
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe localgroup
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe share
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe use
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe localgroup administrators
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : net.exe group
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : netdom.exe query DC
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : openfiles.exe /query /v
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : psfile.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : pslist.exe -t
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : pslist.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : psloggedon.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : psservice.exe
[Press Space to KILL the Process]

Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : pstat.exe
[Press Space to KILL the Process]

Calculating Hash ...
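
As an added example (not part of the original post and not COFEE's own code), the Python below parses the Verifying / Commandline / Calculating Hash pattern of the log above and lists the steps an examiner should recheck: any that failed verification, were killed by the operator, or were cut off before the hash step reported Done. The sample log is a constructed excerpt, and the function and field names are assumptions of this example.

```python
import re

# Constructed excerpt in the log format quoted above; host and path are made up.
SAMPLE_LOG = r"""Verifying ... Success
Start...
Commandline : arp.exe -a
[Press Space to KILL the Process]
Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : msinfo32.exe /report F:\out-HOST\misc\rep
ort.txt
[Press Space to KILL the Process]
Killing msinfo32.exe /report F:\out-HOST\misc\report.txt
Calculating Hash ... Done
End
Verifying ... Success
Start...
Commandline : pstat.exe
[Press Space to KILL the Process]
Calculating Hash ..."""

def parse_runs(log_text):
    """Return one record per 'Verifying ...' step of the runner log."""
    runs, cur, wrapping = [], None, False
    for line in map(str.rstrip, log_text.splitlines()):
        if m := re.match(r"Verifying \.\.\. (\w+)", line):
            cur = {"verified": m.group(1) == "Success", "command": None,
                   "killed": False, "hashed": False}
            runs.append(cur)
            wrapping = False
        elif cur is None:
            continue  # banner lines before the first step
        elif line.startswith("Commandline : "):
            cur["command"], wrapping = line[len("Commandline : "):], True
        elif wrapping and line and not line.startswith("["):
            cur["command"] += line  # console wrapped a long command line
        else:
            wrapping = False
            if line.startswith("Killing "):
                cur["killed"] = True
            elif line == "Calculating Hash ... Done":
                cur["hashed"] = True
    return runs

def needs_review(runs):
    """Commands that failed verification, were killed, or never got hashed."""
    return [r["command"] for r in runs
            if not r["verified"] or r["killed"] or not r["hashed"]]
```

Calling `needs_review(parse_runs(text))` on a saved copy of the console output gives the list of collection steps whose results should not be treated as complete.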


lol just use a usb switchblade

Why not mod this de-caff cofee-thing into a switchblade/hacksaw?

It has a nice little GUI for adding new functions, randomizes filenames, easy control over load-order and performs hash-checks .. pretty nice IMO.

Could probably even run off the CD-ROM of a capable flash-drive :P
