Successfully reported this slideshow.

Defcon 18: FOCA 2

11

Share

Aug. 01, 2010
11 likes 17,407 views
Upcoming SlideShare
Tutorial de-foca
Tutorial de-foca
Loading in …3
×
1 of 43
1 of 43

Defcon 18: FOCA 2

Aug. 01, 2010
11 likes 17,407 views

11

Share

Download to read offline

Slides used by Jose Palazon PALAKO and Chema Alonso to present FOCA 2 in Defcon 18

Slides used by Jose Palazon PALAKO and Chema Alonso to present FOCA 2 in Defcon 18

Recommended

More Related Content

Viewers also liked

Fortificación de MS SharePon
Chema Alonso
Circuitos de Video Vigilancia IP
Chema Alonso
Navegadores en la Empresa
Chema Alonso
MS Forefront Client Security
Chema Alonso
Seguridad en Apache Web Server
Chema Alonso
Asegúr@IT 7: Serialized SQL Injection
Chema Alonso
Connection String Parameter Pollution Attacks
Chema Alonso
Apadrina un malware
Chema Alonso
RootedCON 2011: DUST
Chema Alonso
Hacking, Ciberguerra y otros Palabros
Chema Alonso
Asegúr@IT 7 - Forefront UAG 2010
Chema Alonso
MetaShield Protector & FOCA 2.0
Chema Alonso
Latch MyCar: Documentation
Chema Alonso
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Chema Alonso
Hachetetepé dos puntos SLAAC SLAAC
Chema Alonso
FC00::1 (Algunos) Ataques en IPv6
Chema Alonso
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
Chema Alonso
XSS Google Persistentes
Chema Alonso
Bitdefender - Malware & Mac OS X en la empresa
Chema Alonso

Similar to Defcon 18: FOCA 2

La nueva FOCA 2.7
Eventos Creativos
Defcon 17 Tactical Fingerprinting using Foca
Chema Alonso
The Power of FOCA 3
Chema Alonso
2016 manta raypresentation_av_scanning_disclaimer
Doug Koster
Roelof Temmingh FIRST07 slides
Leon Kuunders
Owasp modern information gathering
KZA
What are-you-investigate-today? (version 2.0)
Xavier Mertens
A fresh new look into Information Gathering - OWASP Spain
Christian Martorella
Tactical Information Gathering
Christian Martorella
Commodity malware means YOU
Michael Gough
Network forensics - Follow the Bad Rabbit down the wire
casheeew
Logging for Hackers - What you need to know to catch them
Michael Gough
ANALYZE'15 - Bulk Malware Analysis at Scale
John Bambenek
Gates Toorcon X New School Information Gathering
Chris Gates
再生龍於雲端環境之應用
Chenkai Sun
The Indicators of Compromise
Tomasz Jakubowski
Lecture about network and host security to NII students
Akiumi Hasegawa
Advanced Search Engine Techniques
shekhar619
Hacking techniques
gaurav koriya
Tactical Exploitation - hdm valsmith
amiable_indian

More from Chema Alonso

Índice Pentesting con Kali 2.0
Chema Alonso
Configurar y utilizar Latch en Magento
Chema Alonso
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Chema Alonso
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
Chema Alonso
CritoReto 4: Buscando una aguja en un pajar
Chema Alonso
Dorking & Pentesting with Tacyt
Chema Alonso
Pentesting con PowerShell: Libro de 0xWord
Chema Alonso
Foca API v0.1
Chema Alonso
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Chema Alonso
It's a Kind of Magic
Chema Alonso
Ingenieros y hackers
Chema Alonso
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Chema Alonso
Auditoría de TrueCrypt: Informe final fase II
Chema Alonso
El juego es el mismo
Chema Alonso
El Hardware en Apple ¿Es tan bueno?
Chema Alonso
Latch en Linux (Ubuntu): El cerrojo digital
Chema Alonso
Hacking con Python
Chema Alonso
Shuabang Botnet
Chema Alonso
Tu iPhone es tan (in)seguro como tu Windows
Chema Alonso
Codemotion ES 2014: Love Always Takes Care & Humility
Chema Alonso

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The Ministry of Common Sense: How to Eliminate Bureaucratic Red Tape, Bad Excuses, and Corporate BS Martin Lindstrom
(4/5)
Free
Hot Seat: What I Learned Leading a Great American Company Jeff Immelt
(4.5/5)
Free
Ladies Get Paid: The Ultimate Guide to Breaking Barriers, Owning Your Worth, and Taking Command of Your Career Claire Wasserman
(5/5)
Free
We Should All Be Millionaires: A Woman’s Guide to Earning More, Building Wealth, and Gaining Economic Power Rachel Rodgers
(4.5/5)
Free
Believe IT: How to Go from Underestimated to Unstoppable Jamie Kern Lima
(4.5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Ask for More: 10 Questions to Negotiate Anything Alexandra Carter
(4/5)
Free
How to Lead: Wisdom from the World's Greatest CEOs, Founders, and Game Changers David M. Rubenstein
(5/5)
Free
Blue-Collar Cash: Love Your Work, Secure Your Future, and Find Happiness for Life Ken Rusk
(4/5)
Free
How I Built This: The Unexpected Paths to Success from the World's Most Inspiring Entrepreneurs Guy Raz
(4.5/5)
Free
Inclusify: The Power of Uniqueness and Belonging to Build Innovative Teams Stefanie K. Johnson
(0/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
Power, for All: How It Really Works and Why It's Everyone's Business Julie Battilana
(4/5)
Free
The Perfect Day to Boss Up Rick Ross
(4.5/5)
Free
Twelve and a Half: Leveraging the Emotional Ingredients Necessary for Business Success Gary Vaynerchuk
(5/5)
Free
You're Cute When You're Mad: Simple Steps for Confronting Sexism Celeste Headlee
(4/5)
Free
The Power of Conflict: Speak Your Mind and Get the Results You Want Jon Taffer
(0/5)
Free
Four Thousand Weeks: Time Management for Mortals Oliver Burkeman
(5/5)
Free
Disrupting the Game: From the Bronx to the Top of Nintendo Reggie Fils-Aimé
(5/5)
Free
Your Work from Home Life: Redefine, Reorganize and Reinvent Your Remote Work (Tips for Building a Home-Based Working Career) M.J. Fievre
(4/5)
Free
Outstanding Leadership Stan Toler
(4/5)
Free
Full Out: Lessons in Life and Leadership from America's Favorite Coach Monica Aldama
(4/5)
Free
Pressure Makes Diamonds: Becoming the Woman I Pretended to Be Valerie Graves
(4.5/5)
Free
Just Work: How to Root Out Bias, Prejudice, and Bullying to Build a Kick-Ass Culture of Inclusivity Kimberly Scott
(3.5/5)
Free
The Three Happy Habits: Techniques Leaders Use to Fight Burnout, Build Resilience and Create Thriving Workplace Cultures Beth Ridley
(4.5/5)
Free
Own the Arena: Getting Ahead, Making a Difference, and Succeeding as the Only One Katrina M. Adams
(5/5)
Free
Subtract: The Untapped Science of Less Leidy Klotz
(4/5)
Free
Create: Tools from Seriously Talented People to Unleash Your Creative Life Marc Silber
(4.5/5)
Free

Defcon 18: FOCA 2

  1. 1. FOCA 2.5 Chema Alonso José Palazón «PALAKO»
  2. 2. What our FOCA is not
  3. 3. What our FOCA is not
  4. 4. What’s a FOCA?
  5. 5. FOCA on Linux?
  6. 6. Previously on FOCA….
  7. 7. FOCA 0.X
  8. 8. FOCA: File types supported <ul><li>Office documents: </li></ul><ul><ul><li>Open Office documents. </li></ul></ul><ul><ul><li>MS Office documents. </li></ul></ul><ul><ul><li>PDF Documents. </li></ul></ul><ul><ul><ul><li>XMP. </li></ul></ul></ul><ul><ul><li>EPS Documents. </li></ul></ul><ul><ul><li>Graphic documents. </li></ul></ul><ul><ul><ul><li>EXIFF. </li></ul></ul></ul><ul><ul><ul><li>XMP. </li></ul></ul></ul><ul><ul><li>Adobe Indesign, SVG, SVGZ ( NEW ) </li></ul></ul>
  9. 9. What can be found?
  10. 10. Pictures with GPS info..
  11. 11. Demo: Single files
  12. 12. Sample: mda.mil Total: 1075 files
  13. 13. Sample: FBI.gov Total: 4841 files
  14. 14. FOCA 1 v. RC3 <ul><li>Fingerprinting Organizations with Collected Archives </li></ul><ul><ul><li>Search for documents in Google and Bing </li></ul></ul><ul><ul><li>Automatic file downloading </li></ul></ul><ul><ul><li>Capable of extracting Metadata, hidden info and lost data </li></ul></ul><ul><ul><li>Cluster information </li></ul></ul><ul><ul><li>Analyzes the info to fingerprint the network. </li></ul></ul>
  15. 15. DNS Prediction
  16. 16. Google Sets Prediction
  17. 17. Sample: Printer info found in odf files returned by Google
  18. 18. Demo: Whitehouse.gov
  19. 19. Yes, we can!
  20. 20. FOCA 2.0
  21. 21. What’s new in FOCA 2.5? <ul><li>Network Discovery </li></ul><ul><li>Recursive algorithm </li></ul><ul><li>Information Gathering </li></ul><ul><li>Sw Recognition </li></ul><ul><li>DNS Cache Snooping </li></ul><ul><li>Reporting Tool </li></ul>
  22. 22. FOCA 2.5: Exalead
  23. 23. PTR Scannig
  24. 24. Bing IP
  25. 25. FOCA 2.5 & Shodan
  26. 26. Network Discovery Algorithm <ul><li>http://apple1.sub.domain.com/~chema/dir/fil.doc </li></ul><ul><li>http -> Web server </li></ul><ul><li>GET Banner HTTP </li></ul><ul><li>domain.com is a domain </li></ul><ul><li>Search NS, MX, SPF records for domain.com </li></ul><ul><li>sub.domain.com is a subdomain </li></ul><ul><li>Search NS, MX, SPF records for sub.domain.com </li></ul><ul><li>Try all the non verified servers on all new domains </li></ul><ul><ul><li>server01.domain.com </li></ul></ul><ul><ul><li>server01.sub.domain.com </li></ul></ul><ul><li>Apple1.sub.domain.com is a hostname </li></ul><ul><li>Try DNS Prediction (apple1) on all domains </li></ul><ul><li>Try Google Sets(apple1) on all domains </li></ul>
  27. 27. Network Discovery Algorithm <ul><li>http://apple1.sub.domain.com/~chema/dir/fil.doc </li></ul><ul><li>11) Resolve IP Address </li></ul><ul><li>12) Get HTTP Banner of http://IP </li></ul><ul><li>13) Use Bing Ip:IP to find all domains sharing it </li></ul><ul><li>14) Repeat for every new domain </li></ul><ul><li>15) Connect to the internal NS (1 or all) </li></ul><ul><li>16) Perform a PTR Scan searching for internal servers </li></ul><ul><li>17) For every new IP discovered try Bing IP recursively </li></ul><ul><li>18) ~chema -> chema is probably a user </li></ul>
  28. 28. Network Discovery Algorithm <ul><li>http://apple1.sub.domain.com/~chema/dir/fil.doc </li></ul><ul><li>19) / , /~chema/ and /~chema/dir/ are paths </li></ul><ul><li>20) Try directory listing in all the paths </li></ul><ul><li>21) Search for PUT, DELETE, TRACE methods in every path </li></ul><ul><li>22) Fingerprint software from 404 error messages </li></ul><ul><li>23) Fingerprint software from application error messages </li></ul><ul><li>24) Try common names on all domains (dictionary) </li></ul><ul><li>25) Try Zone Transfer on all NS </li></ul><ul><li>26) Search for any URL indexed by web engines related to the hostname </li></ul><ul><li>27) Download the file </li></ul><ul><li>28) Extract the metadata, hidden info and lost data </li></ul><ul><li>29) Sort all this information and present it nicely </li></ul><ul><li>30) For every new IP/URL start over again </li></ul>
  29. 30. FOCA 2.5 URL Analysis
  30. 31. FOCA 2.5 URL Analysis
  31. 32. Demo: Whitehouse.gov
  32. 33. Yes, we can!
  33. 34. DNS Cache Snooping
  34. 35. FOCA Reporting Module
  35. 36. FOCA Reporting Module
  36. 37. Demo: DNS Cache Snooping
  37. 38. FOCA Online http://www.informatica64.com/FOCA
  38. 39. IIS MetaShield Protector http://www.metashieldprotector.com
  39. 40. Cleaning documents <ul><li>OOMetaExtractor </li></ul>http://www.codeplex.org/oometaextractor
  40. 41. Questions at Q&A room 113 <ul><li>Speakers: </li></ul><ul><li>Chema Alonso </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>Blog: http://elladodelmal.blogspot.com </li></ul></ul><ul><ul><li>http://twitter.com/chemaalonso </li></ul></ul><ul><li>José Palazón «PALAKO» </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul><li>Working on FOCA: </li></ul><ul><ul><li>Chema Alonso </li></ul></ul><ul><ul><li>Alejandro Martín </li></ul></ul><ul><ul><li>Francisco Oca </li></ul></ul><ul><ul><li>Manuel Fernández «The Sur» </li></ul></ul><ul><ul><li>Daniel Romero </li></ul></ul><ul><ul><li>Enrique Rando </li></ul></ul><ul><ul><li>Pedro Laguna </li></ul></ul><ul><ul><li>Special Thanks to: John Matherly [Shodan] </li></ul></ul>
  41. 42. … and Tomorrow here at 19:00
  42. 43. Demo: US Army

×