FOCA 2.5

Chema Alonso

Previously on FOCA…

FOCA: File types supported
  • Office documents:
    • Open Office documents.
    • MS Office documents.
    • PDF Documents.
      • XMP.
    • EPS Documents.
    • Graphic documents.
      • EXIF.
      • XMP.
    • Adobe InDesign, SVG, SVGZ (NEW)
What can be found?
  • Users:
    • Creators.
    • Modifiers.
    • Users in paths.
      • C:\Documents and settings\jfoo\myfile
      • /home/johnnyf
  • Operating systems.
  • Printers.
    • Local and remote.
  • Paths.
    • Local and remote.
  • Network info.
    • Shared Printers.
    • Shared Folders.
    • ACLs.
  • Internal Servers.
    • NetBIOS Name.
    • Domain Name.
    • IP Address.
  • Database structures.
    • Table names.
    • Column names.
  • Devices info.
    • Mobiles.
    • Photo cameras.
  • Private Info.
    • Personal data.
  • History of use.
  • Software versions.
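
A pre-publication audit for several of the items listed above, as an added example that is not part of the original slides or of FOCA's code: it reads the creator, modifier and software-version properties from a zipped office document (OOXML `docProps/*.xml` or ODF `meta.xml`) and looks for user names in profile paths in any part of the package. The function names, the sample package and its values are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Metadata parts (OOXML, ODF) and the element names carrying users/software.
META_PARTS = ("docProps/core.xml", "docProps/app.xml", "meta.xml")
FIELDS = {"creator", "lastModifiedBy", "initial-creator",
          "Application", "AppVersion", "generator"}
# User names inside Windows or Unix profile paths, as in the slide's examples.
USER_PATH = re.compile(
    r'(?:[A-Za-z]:\\(?:Documents and Settings|Users)\\|/home/)([^\\/\s"<]+)',
    re.IGNORECASE)

def audit(package_bytes):
    """Return (fields, path_users) found in one zipped office document."""
    fields, path_users = {}, set()
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for name in pkg.namelist():
            data = pkg.read(name)
            if name in META_PARTS:
                for el in ET.fromstring(data).iter():
                    local = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
                    if local in FIELDS and (el.text or "").strip():
                        fields[local] = el.text.strip()
            # Paths can sit in any part (template links, printer settings).
            path_users.update(USER_PATH.findall(data.decode("utf-8", "ignore")))
    return fields, path_users

def build_sample():
    """Constructed sample package for the demo; not a real document."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" xmlns:dc="http://purl.org/'
            'dc/elements/1.1/"><dc:creator>jfoo</dc:creator>'
            '<cp:lastModifiedBy>johnnyf</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/'
           '2006/extended-properties"><Application>Microsoft Office Word'
           '</Application><AppVersion>12.0000</AppVersion></Properties>')
    rels = ('<Relationships><Relationship Id="rId1" Target="file:///C:\\Documents'
            ' and settings\\jfoo\\Templates\\memo.dotx"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("docProps/app.xml", app)
        pkg.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit(build_sample()))
```

Anything `audit()` returns for a file is still present in the copy that would be published, so a non-empty result means the document needs cleaning first.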

Demo: Single files

Sample: FBI.gov

Total: 4841 files

FOCA 1 v. RC3
  • Fingerprinting Organizations with Collected Archives
    • Search for documents in Google and Bing
    • Automatic file downloading
    • Capable of extracting Metadata, hidden info and lost data
    • Cluster information
    • Analyzes the info to fingerprint the network.

Demo: Mda.mil

What’s new in FOCA 2.5?
  • Network Discovery
  • Recursive algorithm
  • Information Gathering
  • Software Recognition
  • DNS Cache Snooping
  • Reporting Tool
Network Discovery Algorithm

http://apple1.sub.domain.com/~chema/dir/fil.doc

  • http -> Web server
  • GET Banner HTTP
  • domain.com is a domain
  • Search NS, MX, SPF records for domain.com
  • sub.domain.com is a subdomain
  • Search NS, MX, SPF records for sub.domain.com
  • Try all the non-verified servers on all new domains
    • server01.domain.com
    • server01.sub.domain.com
  • apple1.sub.domain.com is a hostname
  • Try DNS Prediction (apple1) on all domains
  • Try Google Sets (apple1) on all domains

Network Discovery Algorithm

http://apple1.sub.domain.com/~chema/dir/fil.doc

11) Resolve IP Address

12) Get Certificate in https://IP

13) Search for domain names in it

14) Get HTTP Banner of http://IP

15) Use Bing ip:IP to find all domains sharing it

16) Repeat for every new domain

17) Connect to the internal NS (1 or all)

18) Perform a PTR Scan searching for internal servers

19) For every new IP discovered try Bing IP recursively

20) ~chema -> chema is probably a user

Network Discovery Algorithm

http://apple1.sub.domain.com/~chema/dir/fil.doc

21) /, /~chema/ and /~chema/dir/ are paths

22) Try directory listing in all the paths

23) Search for PUT, DELETE, TRACE methods in every path

24) Fingerprint software from 404 error messages

25) Fingerprint software from application error messages

26) Try common names on all domains (dictionary)

27) Try Zone Transfer on all NS

28) Search for any URL indexed by web engines related to the hostname

29) Download the file

30) Extract the metadata, hidden info and lost data

31) Sort all this information and present it nicely

32) For every new IP/URL start over again


Demo: fbi.gov

whitehouse.gov

DNS Cache Snooping
  • DNS Cache Snooping + Evilgrade
  • DNS Cache Snooping + AV bypassing

Demo: DNS Cache Snooping

FOCA Online

http://www.informatica64.com/FOCA

Cleaning documents
  • OOMetaExtractor

http://www.codeplex.org/oometaextractor

IIS MetaShield Protector

http://www.metashieldprotector.com

Questions at Q&A room 113
  • Chema Alonso
    • chema@informatica64.com
    • http://www.informatica64.com
    • http://www.elladodelmal.com
    • http://twitter.com/chemaalonso
  • Working on FOCA:
    • Chema Alonso
    • Alejandro Martín
    • Francisco Oca
    • Manuel Fernández «The Sur»
    • Daniel Romero
    • Enrique Rando
    • Pedro Laguna
    • Special Thanks to: John Matherly [Shodan]