Hey all, not sure if this is possible but figured ...
# sqlj
Jon Semon
03/09/2022, 1:30 AMHey all, not sure if this is possible but figured this was a good place to ask.. Looking to create a query to view the contents of a .zip file that has no password.. anyone heard of something like this? ๐
Jon Semon
03/09/2022, 2:05 AMI'm not sure if this is feasible with OSQuery or SQL, but I figured it was worth asking in case someone way more intelligent than I knows of something! :)
s
seph
03/09/2022, 6:31 PM
I donโt think Iโve seen one. I could imagine writing one ๐คท
j
Jon Semon
03/09/2022, 6:54 PMI am not highly skilled or confident in my writing abilities for OSQuery that's for sure. lol ๐
b
burdz
03/09/2022, 9:57 PMwould need a lot of work as I just pulled on the common metadata from from files within an archive but based on this idea I quickly hacked something up https://github.com/burdzwastaken/osquery-zip-table/
output: https://gist.github.com/burdzwastaken/bfde5a1ae9008977067cd451f88211cc
might spend some more time on it this weekend polishing it off a tad more
๐๐พ 1
๐ 1
8 Views