FOCA 2.5
Chema Alonso
What’s a FOCA?
FOCA on Linux?
FOCA + Wine
Previously on
FOCA….
FOCA 0.X
FOCA: File types supported
• Office documents:
– Open Office documents.
– MS Office documents.
– PDF Documents.
   • XMP.
– EPS Documents.
– Graphic documents.
   • EXIF.
   • XMP.
– Adobe InDesign, SVG, SVGZ (NEW)
What can be found?
• Users:
– Creators.
– Modifiers.
– Users in paths.
   • C:\Documents and settings\jfoo\myfile
   • /home/johnnyf
• Operating systems.
• Printers.
– Local and remote.
• Paths.
– Local and remote.
• Network info.
– Shared Printers.
– Shared Folders.
– ACLS.
• Internal Servers.
– NetBIOS Name.
– Domain Name.
– IP Address.
• Database structures.
– Table names.
– Column names.
• Devices info.
– Mobiles.
– Photo cameras.
• Private Info.
– Personal data.
• History of use.
• Software versions.
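Added example (not from the original slides and not FOCA's code): a pre-publication audit that reports the creator, last modifier, software version and user names in paths that an OOXML file (.docx/.xlsx/.pptx) would disclose. The sample document is constructed in memory; `audit_ooxml`, `needs_cleaning` and `build_sample` are names chosen for this sketch.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET  # untrusted input: parse with defusedxml instead
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
EP = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
# User names embedded in Windows profile paths or Unix home directories.
USER_IN_PATH = re.compile(
    r"(?:[A-Za-z]:\\(?:Documents and Settings|Users)\\|/home/)([^\\/\s<\"]+)", re.I)

def audit_ooxml(data: bytes) -> dict:
    """Report what a .docx/.xlsx/.pptx would disclose if published as-is."""
    found = {"creator": None, "modifier": None, "software": None, "users_in_paths": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            found["creator"] = core.findtext(f"{{{DC}}}creator")
            found["modifier"] = core.findtext(f"{{{CP}}}lastModifiedBy")
        if "docProps/app.xml" in names:
            app = ET.fromstring(z.read("docProps/app.xml"))
            parts = (app.findtext(f"{{{EP}}}Application"), app.findtext(f"{{{EP}}}AppVersion"))
            found["software"] = " ".join(p for p in parts if p) or None
        for name in names:  # paths hide in any part: relationships, fields, links
            if name.endswith((".xml", ".rels")):
                text = z.read(name).decode("utf-8", "replace")
                found["users_in_paths"].update(USER_IN_PATH.findall(text))
    return found

def needs_cleaning(found: dict) -> bool:
    return any(found[k] for k in ("creator", "modifier", "users_in_paths"))

def build_sample(clean: bool = False) -> bytes:
    """Constructed in-memory .docx skeleton; every value is made up for the demo."""
    who, editor, target = ("", "", "tpl.dotx") if clean else (
        "jfoo", "johnnyf", "file:///C:\\Documents and Settings\\jfoo\\tpl.dotx")
    parts = {
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}"><dc:creator>{who}'
            f"</dc:creator><cp:lastModifiedBy>{editor}</cp:lastModifiedBy></cp:coreProperties>",
        "docProps/app.xml": f'<Properties xmlns="{EP}"><Application>Microsoft Office Word'
            "</Application><AppVersion>12.0000</AppVersion></Properties>",
        "word/_rels/settings.xml.rels": f'<Relationships><Relationship Target="{target}"/></Relationships>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__": print(audit_ooxml(build_sample()))
```

Run it over the files queued for publication and hold back any for which `needs_cleaning` returns True.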
Pictures with GPS info.
Demo:
Single files
Sample: FBI.gov
Total: 4841 files
Are they cleaned?
FOCA 1 v. RC3
• Fingerprinting Organizations with Collected Archives
– Search for documents in Google and Bing
– Automatic file downloading
– Capable of extracting Metadata, hidden info and lost data
– Cluster information
– Analyzes the info to fingerprint the network.
Sample: Printer info found in odf files returned by Google
Types of Engineers
DNS Prediction
Google Sets Prediction
Demo:
Mda.mil
FOCA 2.0
What’s new in FOCA 2.5?
• Network Discovery
• Recursive algorithm
• Information Gathering
• Sw Recognition
• DNS Cache Snooping
• Reporting Tool
FOCA 2.5: Exalead
PTR Scanning
Bing IP
FOCA 2.5 & Shodan
Network Discovery Algorithm
http://apple1.sub.domain.com/~chema/dir/fil.doc
1) http -> Web server
2) GET Banner HTTP
3) domain.com is a domain
4) Search NS, MX, SPF records for domain.com
5) sub.domain.com is a subdomain
6) Search NS, MX, SPF records for sub.domain.com
7) Try all the non verified servers on all new domains
   1) server01.domain.com
   2) server01.sub.domain.com
8) Apple1.sub.domain.com is a hostname
9) Try DNS Prediction (apple1) on all domains
10) Try Google Sets(apple1) on all domains
11) Resolve IP Address
12) Get Certificate in https://IP
13) Search for domain names in it
14) Get HTTP Banner of http://IP
15) Use Bing Ip:IP to find all domains sharing it
16) Repeat for every new domain
17) Connect to the internal NS (1 or all)
18) Perform a PTR Scan searching for internal servers
19) For every new IP discovered try Bing IP recursively
20) ~chema -> chema is probably a user
21) / , /~chema/ and /~chema/dir/ are paths
22) Try directory listing in all the paths
23) Search for PUT, DELETE, TRACE methods in every path
24) Fingerprint software from 404 error messages
25) Fingerprint software from application error messages
26) Try common names on all domains (dictionary)
27) Try Zone Transfer on all NS
28) Search for any URL indexed by web engines related to the hostname
29) Download the file
30) Extract the metadata, hidden info and lost data
31) Sort all this information and present it nicely
32) For every new IP/URL start over again
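Added example (not from the original slides and not FOCA's code): the purely offline part of the algorithm above, steps 1, 3, 5, 8, 20 and 21, applied to a list of your own indexed URLs to inventory the hostnames, domains, paths and probable user names they give away. It makes no network requests; the function names and the two extra sample URLs are constructed for this sketch, and the domain split assumes a single-label TLD.

```python
import ipaddress
from urllib.parse import urlsplit

def decompose(url: str) -> dict:
    """Offline facts one URL gives away (steps 1, 3, 5, 8, 20 and 21 of the slides)."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        labels = []                      # bare IP: no host label or parent domains
    except ValueError:
        labels = host.split(".") if host else []
    # Assumption: single-label TLD. Production code should use the Public Suffix List.
    stop = 0 if len(labels) > 2 else -1  # a two-label host is itself the domain
    domains = [".".join(labels[i:]) for i in range(len(labels) - 2, stop, -1)]
    # Directory segments only: drop the final component (the file name).
    segments = [s for s in u.path.split("/")[:-1] if s]
    paths = ["/"] + ["/" + "/".join(segments[:i + 1]) + "/" for i in range(len(segments))]
    users = [s[1:] for s in segments if s.startswith("~") and len(s) > 1]
    return {"service": u.scheme, "hostname": host,
            "host_label": labels[0] if len(labels) > 2 else None,
            "domains": domains, "paths": paths, "probable_users": users}

def exposure_inventory(urls) -> dict:
    """Merge the per-URL facts into one inventory for review."""
    inv = {"hostnames": set(), "domains": set(), "paths": set(), "probable_users": set()}
    for url in urls:
        d = decompose(url)
        inv["hostnames"].add(d["hostname"])
        for key in ("domains", "paths", "probable_users"):
            inv[key].update(d[key])
    return inv

# Constructed sample: the slide's URL plus two made-up ones on reserved example names.
SAMPLE_URLS = [
    "http://apple1.sub.domain.com/~chema/dir/fil.doc",
    "https://www.example.org/docs/2010/report.pdf",
    "http://192.0.2.10/~ops/notes.txt",
]

if __name__ == "__main__":
    for key, values in exposure_inventory(SAMPLE_URLS).items():
        print(key, sorted(values))
```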
FOCA 2.5 URL Analysis
Demo: fbi.gov
whitehouse.gov
Customizable Search
FOCA + Spidering
DNS Cache Snooping
• DNS Cache Snooping + Evilgrade
• DNS Cache Snooping + AV bypassing
FOCA Reporting Module
Demo: DNS
Cache Snooping
FOCA Online
http://www.informatica64.com/FOCA
Cleaning documents
• OOMetaExtractor
http://www.codeplex.org/oometaextractor
IIS MetaShield Protector
http://www.metashieldprotector.com
Questions at Q&A room 113
- Chema Alonso
- chema@informatica64.com
- http://www.informatica64.com
- http://www.elladodelmal.com
- http://twitter.com/chemaalonso
- Working on FOCA:
- Chema Alonso
- Alejandro Martín
- Francisco Oca
- Manuel Fernández «The Sur»
- Daniel Romero
- Enrique Rando
- Pedro Laguna
- Special Thanks to: John Matherly [Shodan]

Pentesting drivenbyfoca slides