Presentation is loading. Please wait.

Presentation is loading. Please wait.

FOCA 2.5 Chema Alonso. What’s a FOCA? FOCA on Linux?

Published byDoreen Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "FOCA 2.5 Chema Alonso. What’s a FOCA? FOCA on Linux?"— Presentation transcript:

1 FOCA 2.5 Chema Alonso

2 What’s a FOCA?

3 FOCA on Linux?

4 FOCA + Wine

5 Previously on FOCA….

6 FOCA 0.X

7 FOCA: File types supported Office documents: – Open Office documents. – MS Office documents. – PDF Documents. XMP. – EPS Documents. – Graphic documents. EXIFF. XMP. – Adobe Indesign, SVG, SVGZ (NEW)

8 What can be found? Users: – Creators. – Modifiers. – Users in paths. C:\Documents and settings\jfoo\myfile /home/johnnyf Operating systems. Printers. – Local and remote. Paths. – Local and remote. Network info. – Shared Printers. – Shared Folders. – ACLS. Internal Servers. – NetBIOS Name. – Domain Name. – IP Address. Database structures. – Table names. – Colum names. Devices info. – Mobiles. – Photo cameras. Private Info. – Personal data. History of use. Software versions.

9 Pictures with GPS info..

10 Demo: Single files

11 Sample: FBI.gov Total: 4841 files

12 Are they cleaned?

13 FOCA 1 v. RC3 Fingerprinting Organizations with Collected Archives – Search for documents in Google and Bing – Automatic file downloading – Capable of extracting Metadata, hidden info and lost data – Cluster information – Analyzes the info to fingerprint the network.

14 Sample: Printer info found in odf files returned by Google

15 Types of Engineers

16 DNS Prediction

17 Google Sets Prediction

18 Demo: Mda.mil

19

20 FOCA 2.0

21 What’s new in FOCA 2.5? Network Discovery Recursive algorithm Information Gathering Sw Recognition DNS Cache Snooping Reporting Tool

22 FOCA 2.5: Exalead

23 PTR Scannig

24 Bing IP

25 FOCA 2.5 & Shodan

26 Network Discovery Algorithm http://apple1.sub.domain.com/~chema/dir/fil.doc 1)http -> Web server 2)GET Banner HTTP 3)domain.com is a domain 4)Search NS, MX, SPF records for domain.com 5)sub.domain.com is a subdomain 6)Search NS, MX, SPF records for sub.domain.com 7)Try all the non verified servers on all new domains 1)server01.domain.com 2)server01.sub.domain.com 8)Apple1.sub.domain.com is a hostname 9)Try DNS Prediction (apple1) on all domains 10)Try Google Sets(apple1) on all domains

27 Network Discovery Algorithm http://apple1.sub.domain.com/~chema/dir/fil.doc 11) Resolve IP Address 12) Get Certificate in https://IPhttps://IP 13) Search for domain names in it 14) Get HTTP Banner of http://IPhttp://IP 15) Use Bing Ip:IP to find all domains sharing it 16) Repeat for every new domain 17) Connect to the internal NS (1 or all) 18) Perform a PTR Scan searching for internal servers 19) For every new IP discovered try Bing IP recursively 20) ~chema -> chema is probably a user

28 Network Discovery Algorithm http://apple1.sub.domain.com/~chema/dir/fil.doc 21) /, /~chema/ and /~chema/dir/ are paths//~chema//~chema/dir/ 22) Try directory listing in all the paths 23) Search for PUT, DELETE, TRACE methods in every path 24) Fingerprint software from 404 error messages 25) Fingerprint software from application error messages 26) Try common names on all domains (dictionary) 27) Try Zone Transfer on all NS 28) Search for any URL indexed by web engines related to the hostname 29) Download the file 30) Extract the metadata, hidden info and lost data 31) Sort all this information and present it nicely 32) For every new IP/URL start over again

29

30 FOCA 2.5 URL Analysis

31

32 Demo: fbi.gov whitehouse.gov

33 Customizable Search

34 FOCA + Spidering

35

36 DNS Cache Snooping

37

38 DNS Cache Snooping + Evilgrade DNS Cache Snooping + AV bypassing

39 FOCA Reporting Module

40

41 Demo: DNS Cache Snooping

42 FOCA Online http://www.informatica64.com/FOCA

43 Cleaning documents OOMetaExtractor http://www.codeplex.org/oometaextractor

44 IIS MetaShield Protector http://www.metashieldprotector.com

45 Questions at Q&A room 113 -Chema Alonso -chema@informatica64.comchema@informatica64.com -http://www.informatica64.comhttp://www.informatica64.com -http://www.elladodelmal.comhttp://www.elladodelmal.com -http://twitter.com/chemaalonsohttp://twitter.com/chemaalonso -Working on FOCA: -Chema Alonso -Alejandro Martín -Francisco Oca -Manuel Fernández «The Sur» -Daniel Romero -Enrique Rando -Pedro Laguna -Special Thanks to: John Matherly [Shodan]

46 Demo: US Army

Download ppt "FOCA 2.5 Chema Alonso. What’s a FOCA? FOCA on Linux?"

Similar presentations

Basic Internet Terms Digital Design. Arpanet The first Internet prototype created in 1965 by the Department of Defense.

Basic Internet Terms Digital Design. Arpanet The first Internet prototype created in 1965 by the Department of Defense.
Let's say we want to access domain - reliablescribe.com First we need to buy a computer We need to subscribe to an Internet Service Provider (ISP) The.

Let's say we want to access domain - reliablescribe.com First we need to buy a computer We need to subscribe to an Internet Service Provider (ISP) The.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Introduction to Research: The Internet

Introduction to Research: The Internet
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Content  Overview of Computer Networks (Wireless and Wired)  IP Address, MAC Address and Workgroups  LAN Setup and Creating Workgroup  Concept on.

Content  Overview of Computer Networks (Wireless and Wired)  IP Address, MAC Address and Workgroups  LAN Setup and Creating Workgroup  Concept on.
XP Browser and E-mail Basics1. XP Browser and E-mail Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.

XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.

Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.
Name Services Jessie Crane CPSC 550. History ARPAnet – experimental computer network (late 1960s) hosts.txt – a file that contained all the information.

Name Services Jessie Crane CPSC 550. History ARPAnet – experimental computer network (late 1960s) hosts.txt – a file that contained all the information.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
 Speed  Cost  Compatibility with existing H/W and other S/W  Ability to import other files  Quality of documentation  Ease of learning and ease of.

 Speed  Cost  Compatibility with existing H/W and other S/W  Ability to import other files  Quality of documentation  Ease of learning and ease of.
Application Layer. Domain Name System Domain Name System (DNS) Problem – Want to go to www.google.com, but don’t know the IP addresswww.google.com Solution.

Application Layer. Domain Name System Domain Name System (DNS) Problem – Want to go to but don’t know the IP addresswww.google.com Solution.
Windows Server 2008 Chapter 8 Last Update 2012.05.31 1.0.0.

Windows Server 2008 Chapter 8 Last Update
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Evolved from ARPANET (Advanced Research Projects Agency of the U.S. Department of Defense) Was the first operational packet-switching network Began.

Evolved from ARPANET (Advanced Research Projects Agency of the U.S. Department of Defense) Was the first operational packet-switching network Began.
With Internet Explorer 8© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 Go! with Internet Explorer 8 Getting Started.

With Internet Explorer 8© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 Go! with Internet Explorer 8 Getting Started.
Section 6.1 Explain the development of operating systems Differentiate between operating systems Section 6.2 Demonstrate knowledge of basic GUI components.

Section 6.1 Explain the development of operating systems Differentiate between operating systems Section 6.2 Demonstrate knowledge of basic GUI components.
Module 7: Configuring TCP/IP Addressing and Name Resolution.

Module 7: Configuring TCP/IP Addressing and Name Resolution.

Similar presentations

Ads by Google