La nueva FOCA 2.7
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

La nueva FOCA 2.7

  • 1,790 views
Uploaded on

Charla impartida por Chema Alonso en el IV Curso de Verano de Seguridad Informática de la Universidad Europea de Madrid.

Charla impartida por Chema Alonso en el IV Curso de Verano de Seguridad Informática de la Universidad Europea de Madrid.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,790
On Slideshare
1,790
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
96
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. 2.7.1 version
    Chema Alonso
  • 2. FOCA 0.X
  • 3. MetadataRisks
    “Secret” relationships
    Government & companies
    Companies & providers
    Piracy
    Reputation
    Social engineering attacks
    Targeting Malware
  • 4. FOCA: File types supported
  • What can be found?
  • Sample: FBI.gov
    Total: 4841 files
  • 42. FOCA 1 v. RC3
    • Fingerprinting Organizations with Collected Archives
    • 43. Search for documents in Google and Bing
    • 44. Automatic file downloading
    • 45. Capable of extracting Metadata, hidden info and lost data
    • 46. Cluster information
    • 47. Analyzes the info to fingerprint the network.
  • 48. Howmaydaysto do thepentesting?
  • 49. Sometimes…a pentesterneedsto be a SuperHero
  • 50. FOCA 2.5
  • DNS Search Panel
  • 56. Network DiscoveryAlgorithm
    http://apple1.sub.domain.com/~chema/dir/fil.doc
    http -> Web server
    GET Banner HTTP
    domain.com is a domain
    Search NS, MX, SPF records for domain.com
    sub.domain.com is a subdomain
    Search NS, MX, SPF records for sub.domain.com
    Try allthe non verified servers onall new domains
    server01.domain.com
    server01.sub.domain.com
    Apple1.sub.domain.com is a hostname
    Try DNS Prediction (apple1) onalldomains
    Try Google Sets(apple1) onalldomains
  • 57. Network DiscoveryAlgorithm
    http://apple1.sub.domain.com/~chema/dir/fil.doc
    11) Resolve IP Address
    12) GetCertificate in https://IP
    13) Searchfordomainnames in it
    14) Get HTTP Banner of http://IP
    15) Use Bing Ip:IPtofindalldomainssharingit
    16) Repeatforevery new domain
    17) Connecttotheinternal NS (1 orall)
    18) Perform a PTR Scansearchingforinternal servers
    19) Forevery new IP discovered try Bing IP recursively
    20) ~chema-> chemaisprobably a user
  • 58. Network DiscoveryAlgorithm
    http://apple1.sub.domain.com/~chema/dir/fil.doc
    21) / , /~chema/ and /~chema/dir/ are paths
    22) Try directorylisting in allthepaths
    23) Searchfor PUT, DELETE, TRACE methods in everypath
    24) Fingerprint software from 404 error messages
    25) Fingerprint software fromapplication error messages
    26) Try commonnamesonalldomains (dictionary)
    27) Try Zone Transfer onall NS
    28) Searchforany URL indexedby web enginesrelatedtothehostname
    29) Downloadthe file
    30) Extractthemetadata, hiddeninfo and lost data
    31) Sortallthisinformationand presentitnicely
    32) Forevery new IP/URL startoveragain
  • 59.
  • 60. FOCA 2.5: Exalead
  • 61. Hugedomains case
  • 62. Digital Certificates
  • 63. FOCA 2.5 & Shodan
  • 64. FOCA 2.5 URL Analysis
  • 65. .listing
  • 66. Unsecure Http Methods
  • 67. Search & Upload
  • 68. Searchingfor Server-Side Technologies
  • 69. Fuzzingoptions
  • 70. DNS Cache Snooping
  • 71. FOCA Reporting Module
  • 72. What’s new
    In 2.7.1
  • 73. RDP & ICA Files Analysis
  • 74. SquidProxies
  • 75. DNS Records
  • 76. NetrangeScan
  • 77. ParametrizedURLs
  • 78. Easy Bugs search
  • 79. TaskList
  • 80. Plugins
  • 81. FearThe FOCA
  • 82. IIS MetaShield Protector
    http://www.metashieldprotector.com
  • 83. Buy a FOCA T-Shirt
    And be «Sexy» }:))
  • 84. Questions?
    • Chema Alonso
    • 85. chema@informatica64.com
    • 86. http://www.informatica64.com
    • 87. http://www.elladodelmal.com
    • 88. http://twitter.com/chemaalonso
    • 89. http://www.forefront-es.com
    • 90. http://www.seguridadapple.com
    • 91. http://www.windowstecnico.com
    • 92. http://www.puntocompartido.com
    • 93. Workingon FOCA:
    • 94. Chema Alonso
    • 95. Alejandro Martín
    • 96. Francisco Oca
    • 97. Manuel Fernández «The Sur»
    • 98. Daniel Romero
    • 99. Enrique Rando
    • 100. Pedro Laguna
    • 101. SpecialThanksto: John Matherly [Shodan]