The new FOCA 2.7


Talk given by Chema Alonso at the IV Curso de Verano de Seguridad Informática (4th Summer Course on Computer Security) of the Universidad Europea de Madrid.

2.7.1 version
Chema Alonso

FOCA 0.X

Metadata Risks
  • “Secret” relationships
  • Government & companies
  • Companies & providers
  • Piracy
  • Reputation
  • Social engineering attacks
  • Targeting Malware

FOCA: File types supported
  • Office documents:
      • Open Office documents.
      • MS Office documents.
  • PDF Documents.
      • XMP.
  • EPS Documents.
  • Graphic documents.
      • EXIF.
      • XMP.
  • Adobe Indesign, SVG, SVGZ

What can be found?
  • Users:
      • Creators.
      • Modifiers.
      • Users in paths.
          • C:\Documents and settings\jfoo\myfile
          • /home/johnnyf
  • Operating systems.
  • Printers.
      • Local and remote.
  • Paths.
      • Local and remote.
  • Network info.
      • Shared Printers.
      • Shared Folders.
      • ACLs.
  • Internal Servers.
      • NetBIOS Name.
      • Domain Name.
      • IP Address.
  • Database structures.
      • Table names.
      • Column names.
  • Devices info.
      • Mobiles.
      • Photo cameras.
  • Private Info.
      • Personal data.
  • History of use.
  • Software versions.

Sample: FBI.gov
Total: 4841 files

FOCA 1 v. RC3
  • Fingerprinting Organizations with Collected Archives
  • Search for documents in Google and Bing
  • Automatic file downloading
  • Capable of extracting metadata, hidden info and lost data
  • Cluster information
  • Analyzes the info to fingerprint the network.

How many days to do the pentesting?

Sometimes… a pentester needs to be a SuperHero

FOCA 2.5
  • Network Discovery
  • Recursive algorithm
  • Information Gathering
  • Sw Recognition
  • DNS Cache Snooping
  • Reporting Tool

DNS Search Panel

Network Discovery Algorithm
http://apple1.sub.domain.com/~chema/dir/fil.doc
  • http -> Web server
  • GET Banner HTTP
  • domain.com is a domain
  • Search NS, MX, SPF records for domain.com
  • sub.domain.com is a subdomain
  • Search NS, MX, SPF records for sub.domain.com
  • Try all the non verified servers on all new domains
      • server01.domain.com
      • server01.sub.domain.com
  • Apple1.sub.domain.com is a hostname
  • Try DNS Prediction (apple1) on all domains
  • Try Google Sets (apple1) on all domains

Network Discovery Algorithm
http://apple1.sub.domain.com/~chema/dir/fil.doc
  11) Resolve IP Address
  12) Get Certificate in https://IP
  13) Search for domain names in it
  14) Get HTTP Banner of http://IP
  15) Use Bing Ip:IP to find all domains sharing it
  16) Repeat for every new domain
  17) Connect to the internal NS (1 or all)
  18) Perform a PTR Scan searching for internal servers
  19) For every new IP discovered try Bing IP recursively
  20) ~chema -> chema is probably a user

Network Discovery Algorithm
http://apple1.sub.domain.com/~chema/dir/fil.doc
  21) / , /~chema/ and /~chema/dir/ are paths
  22) Try directory listing in all the paths
  23) Search for PUT, DELETE, TRACE methods in every path
  24) Fingerprint software from 404 error messages
  25) Fingerprint software from application error messages
  26) Try common names on all domains (dictionary)
  27) Try Zone Transfer on all NS
  28) Search for any URL indexed by web engines related to the hostname
  29) Download the file
  30) Extract the metadata, hidden info and lost data
  31) Sort all this information and present it nicely
  32) For every new IP/URL start over again

FOCA 2.5: Exalead
Huge domains case
Digital Certificates
FOCA 2.5 & Shodan
FOCA 2.5 URL Analysis
.listing
Unsecure HTTP Methods
Search & Upload
Searching for Server-Side Technologies
Fuzzing options
DNS Cache Snooping
FOCA Reporting Module

What’s new in 2.7.1
RDP & ICA Files Analysis
Squid Proxies
DNS Records
Netrange Scan
Parametrized URLs
Easy Bugs search
Task List
Plugins

Fear The FOCA

IIS MetaShield Protector
http://www.metashieldprotector.com

Buy a FOCA T-Shirt
And be «Sexy» }:))

Questions?
  • Chema Alonso
  • chema@informatica64.com
  • http://www.informatica64.com
  • http://www.elladodelmal.com
  • http://twitter.com/chemaalonso
  • http://www.forefront-es.com
  • http://www.seguridadapple.com
  • http://www.windowstecnico.com
  • http://www.puntocompartido.com
  • Working on FOCA:
      • Chema Alonso
      • Alejandro Martín
      • Francisco Oca
      • Manuel Fernández «The Sur»
      • Daniel Romero
      • Enrique Rando
      • Pedro Laguna
  • Special Thanks to: John Matherly [Shodan]
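
The leak classes on the "What can be found?" slide (creators and modifiers, users in paths, remote paths, internal servers, IP addresses) can be checked on an organization's own documents before they are published. The Python sketch below is an added example, not FOCA's code; the metadata field names and the sample values, other than the two paths shown on the slide, are constructed for illustration.

```python
import re

# Patterns for the leak classes listed on the slide.
WIN_PROFILE = re.compile(r"[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\/\r\n]+)", re.I)
UNIX_HOME = re.compile(r"(?<![\w.])/(?:home|Users)/([A-Za-z0-9._-]+)")  # lookbehind skips URL paths
UNC_PATH = re.compile(r"\\\\([A-Za-z0-9._-]+)\\([^\\\s]+)")             # \\server\share
PRIVATE_IP = re.compile(
    r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}"
    r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b"
)
# Assumed names of the creator/modifier fields in the input dictionary.
USER_FIELDS = ("Author", "Creator", "LastModifiedBy")


def audit_metadata(fields):
    """Return the users, servers, shares and private IPs exposed by metadata strings."""
    found = {"users": set(), "servers": set(), "shares": set(), "private_ips": set()}
    for key in USER_FIELDS:
        if fields.get(key):
            found["users"].add(fields[key].strip().lower())
    for value in fields.values():
        # User names embedded in local profile or home-directory paths.
        for rx in (WIN_PROFILE, UNIX_HOME):
            found["users"].update(m.group(1).lower() for m in rx.finditer(value))
        # Remote paths reveal an internal server name and a share name.
        for m in UNC_PATH.finditer(value):
            server = m.group(1).upper()
            found["servers"].add(server)
            found["shares"].add("\\\\" + server + "\\" + m.group(2))
        found["private_ips"].update(PRIVATE_IP.findall(value))
    return found


# Constructed metadata for one document; not taken from any real file.
SAMPLE = {
    "Author": "jfoo",
    "LastModifiedBy": "johnnyf",
    "Template": r"C:\Documents and settings\jfoo\myfile",
    "SourceFile": "/home/johnnyf/drafts/report.odt",
    "Printer": r"\\PRNSRV01\HP-4F on 10.1.20.5",
}

if __name__ == "__main__":
    for kind, values in audit_metadata(SAMPLE).items():
        print(kind, sorted(values))
```

A document whose audit returns any non-empty set should have its metadata cleaned before it is published.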