Osint ashish mistry

Leveraging OSINT inPenetration Testing By: Ashish Mistry

#whoami● Ashish Mistry● Individual infosec researcher & trainer● www.Hcon.in● HconSTF open source security framework● Hcon Library initiative● Contact : – Fb : Root.hcon – Tw : @hconmedia

OSINT – Open Source INTelligence● It is NOT related to open source software● It is NOT related to open source licenses● It is NOT related to artificial intelligence

What Is OSINT ?Wikipedia :“Open-source intelligence (OSINT) is aform of intelligence collection managementthat involves finding, selecting, andacquiring information from publiclyavailable sources and analyzing it toproduce actionable intelligence”

What is OSINT ? Publicly available information Select / Collecting and storing itAnalysis and relating and filtering it More target specific information ATTACKS

Why OSINT works ?

Humans are social beingswe love to share information

We share information that we are not suppose to share

Sometime it is necessary to give out that much information

So what is the problem ??

internet

Why OSINT for pentesting ?

Some things to consider● Passive (most of it)● Legally provides much larger and wider view towards the target company / person● Uncovers more attack surface● Narrow downs many attack vectors● Helps when you dont have 0days● More specific social engineering attack vector can be crafted● Helps in other steps in a pentest

Leveraging OSINT● Reconnaissance● Vulnerability analysis● Privilege escalation● Social engineering/ profiling people

Reconnaissance● We can have information like – OS – IP – Software / Versions – Geo location

From :● Metadata : – Foca , metagoofil , maltego, exiftool● Online sites : – Shodanhq, Serversniff, netcraft,centralops● Dns/who is info● FF extensions – wappalyzer – Passive recon

Vulnerability analysis● Path discloser● Footholds● Web Server Detection● Vulnerable Files● Vulnerable Servers● Error Messages● Network or vulnerability data● Various Online Devices● Advisories and Vulnerabilities● XSS / LFI / RFI

from● Dorks : sitedigger , search diggity, seat – GHDB – BHDB – FSHDB – Web = sqli / Lfi / Rfi / Wordpress● FF extension: – Meta generator version check● Metadata● http://www.1337day.com/webapps

Privilege escalationWe can have potential● User names● Passwords● Login panelsfor more useful & accurate wordlistgeneration

From ?● Metadata : – Foca , metagoofil , maltego● Emails : – Theharvester , esearchy● Public profiling information – Social media ● Phone numbers ● Family member names ● Birth dates

From cont..● Dorks : – Files containing usernames – Files containing passwords – Files containing juicy info – Pages containing login portals● Wordlist generation : – wyd , cupp, crunch

Social engineering / profiling people● All kind of personal and professional info – Names - dob – Residence address – Phone no. – Emails – Close associates / friends – Interest / hobbies – Pictures

From ?● People lookup databases● Social networks● Local yellow pages● Mtnl / bsnl tele. Dir● Public mobile info. services

What can we have from OSINT ?

● Email addresses● Phone numbers● User names / password● OS info● IP info● Softwares / version● Geo location● Personal details● vulnerabilities

tools● Foca , metagoofil, exiftool, wyd● Theharvester, esearchy● FF extentions – Pasive recon, meta generator, wappalyzer, exiftool● Sitedigger, seat, search diggity● Creepy, fbpwn● Maltego , netglub

Online resources● Netcraft, centralops, shodanhq, serversniff● Ghdb● foca online, regex.info/exif.cgi● http://tineye.com , http://picfog.com● https://twitpic.com/search ,http://www.pixsy.com/● Flickr Photo Search http://www.flickr.com/search/? s=rec&w=all&q=comapny name&m=text

Online resources cont...● document search: – Docstoc http://www.docstoc.com/ – Scribd http://www.scribd.com/ – SlideShare http://www.slideshare.net/ – PDF Search Engine http://www.pdf- search-engine.com/ – Toodoc http://www.toodoc.com/ – google filetype:

Online resources cont...● Check Usernames: – http://www.checkusernames.com/ – http://knowem.com/ ,www.namechk.com – http://webmii.com/● People search – 123people – Pipl – openbook

Online resources cont...● Geo location – Infosnipper – http://twittermap.appspot.com – http://www.geobytes.com/iplocator.htm

Prevention / counter measures● Policies for social networks – Hr , pr , marketing● Sanitize documents – Remove metadata ● Metadata anonymizing toolkit – MAT ● Oometa extractor , Doc scrubber ● Exiftool ● openDLP , myDLP● Websites – Block UA , dir, custom error msg

Thank youQuestions ??

Osint ashish mistry

by n|u - The Open Security Community

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 332

Statistics

Osint ashish mistry Presentation Transcript

http://null.co.in	331
http://webcache.googleusercontent.com	1