Post on 22-Sep-2020


If you don't want me to know your name, why do you wear your DNI (national ID card) on your forehead?

Christian Martorella, CISSP, CISA

Penetration testing

Information Gathering

Discovery / Fingerprinting

Vulnerability analysis

Exploitation

Reporting


Information Gathering

Information gathering denotes the collection of information about the target before the attack. The idea is to collect as much information as possible, since any piece of it may become valuable in a later phase (discovery, vulnerability analysis, exploitation).

I.G. types

• Passive: the information is obtained from third parties (search engines, whois, key servers) without sending a single packet to the target, so the target cannot detect it.
• Active: the tester queries the target's own systems (for example its DNS servers), so the queries can be logged and noticed.

I.G. - Types of information

• Domain, subdomain/host names
• User names (e.g. jdoe)
• Email accounts (e.g. jdoe@target.com)
• Workers' names (e.g. John Doe)

I.G. - what for?

• Host/domain information: discovering new targets, getting a description of each host, industrial espionage, etc.
• User names, emails and worker names: building dictionaries for brute-force attacks on the available services (and for user profiling).

How can we obtain this kind of info?


Obtaining host and domain names - Classic

• Zone transfer (active)
• Whois (passive)
• Reverse lookup (active)
• Brute force (active++: one query per dictionary word, easily noticed in the target's DNS logs)

Zone transfer - dig

Tester -> DNS server, request: dig @srv.weak.dns weak.dns -t AXFR

A server that allows unrestricted AXFR hands over the whole zone (every host name and address) in a single request. A correctly configured server answers "Transfer failed."; check every authoritative name server of the domain (dig weak.dns NS), since each one is configured independently.

DNS brute force

Tester -> DNS server. For each word of a dictionary (afrodita, ..., hermes, ..., matrix, neo, ...) against the domain target.com:

host afrodita.target.com
afrodita.target.com has address 192.168.1.1
(names that do not resolve, e.g. xx.target.com, are discarded)

Discovered hosts: afrodita, neo
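The two active techniques above, zone transfer and DNS brute force, as an added example that is not the presentation's code or any of its tools: it runs the slide's dig AXFR request through subprocess and parses the answer, and performs the dictionary brute force with a pluggable resolver so it can be exercised offline. The dig output and the resolver table are constructed samples; weak.dns, target.com, afrodita and neo are the slide's own placeholders. The wildcard check is an addition beyond the slide: without it a domain with a wildcard A record makes every dictionary word "resolve".

```python
"""Added example, not the presentation's code: the two active DNS techniques,
a zone transfer through dig and a dictionary brute force.  SAMPLE_AXFR and the
resolver table are constructed; weak.dns / target.com / afrodita / neo are the
slide's own placeholders.  The wildcard check goes beyond the slide."""
import re
import secrets
import socket
import subprocess
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Record = Tuple[str, str, str]  # (owner name, RR type, rdata)

# Constructed stand-in for the output of `dig @ns1.weak.dns weak.dns -t AXFR`
SAMPLE_AXFR = """\
; <<>> DiG 9.16.1 <<>> @ns1.weak.dns weak.dns -t AXFR
;; global options: +cmd
weak.dns.\t\t86400\tIN\tSOA\tns1.weak.dns. hostmaster.weak.dns. 2020092201 3600 900 604800 86400
weak.dns.\t\t86400\tIN\tNS\tns1.weak.dns.
afrodita.weak.dns.\t3600\tIN\tA\t192.168.1.1
neo.weak.dns.\t\t3600\tIN\tA\t192.168.1.2
intranet.weak.dns.\t3600\tIN\tCNAME\tneo.weak.dns.
weak.dns.\t\t86400\tIN\tSOA\tns1.weak.dns. hostmaster.weak.dns. 2020092201 3600 900 604800 86400
;; Query time: 3 msec
"""

# owner  ttl  IN  type  rdata   (dig's comment lines start with ';')
RR_LINE = re.compile(r"^(?P<name>\S+?)\.?\s+\d+\s+IN\s+(?P<type>[A-Z]+)\s+(?P<data>.+?)\s*$")


def parse_axfr(output: str) -> List[Record]:
    """Records from a dig AXFR listing; a refused transfer ('; Transfer failed.') yields []."""
    records: List[Record] = []
    for line in output.splitlines():
        if line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            records.append((m.group("name"), m.group("type"), m.group("data")))
    return records


def _run_dig(cmd: List[str]) -> str:
    """Default runner: execute dig and return its stdout."""
    return subprocess.run(cmd, capture_output=True, text=True, timeout=30).stdout


def zone_transfer(domain: str, nameserver: str,
                  run: Callable[[List[str]], str] = _run_dig) -> List[Record]:
    """The slide's request, `dig @srv domain -t AXFR`; try it against every NS of the domain."""
    cmd = ["dig", f"@{nameserver}", domain, "-t", "AXFR", "+noall", "+answer"]
    return parse_axfr(run(cmd))


def hosts_from_records(records: Iterable[Record]) -> List[str]:
    """Host names learned from the zone: every owner of an address or alias record."""
    return sorted({name for name, rtype, _ in records if rtype in ("A", "AAAA", "CNAME")})


def table_resolver(table: Dict[str, str]) -> Callable[[str], str]:
    """Offline stand-in for socket.gethostbyname (raises gaierror like the real one)."""
    def resolve(name: str) -> str:
        if name in table:
            return table[name]
        raise socket.gaierror(-2, "Name or service not known")
    return resolve


def brute_force(domain: str, wordlist: Iterable[str],
                resolve: Callable[[str], str] = socket.gethostbyname) -> Dict[str, str]:
    """One forward lookup per dictionary word (`host afrodita.target.com` on the slide).
    Returns {fqdn: address} for the names that exist."""
    # Wildcard check: if a random label resolves, every guess would "succeed",
    # so answers equal to the wildcard address are discarded.
    wildcard: Optional[str] = None
    try:
        wildcard = resolve(f"{secrets.token_hex(8)}.{domain}")
    except socket.gaierror:
        pass
    found: Dict[str, str] = {}
    for word in wordlist:
        word = word.strip().lower()
        if not word:
            continue
        fqdn = f"{word}.{domain}"
        try:
            address = resolve(fqdn)
        except socket.gaierror:
            continue  # NXDOMAIN: the "xx" case on the slide
        if address != wildcard:
            found[fqdn] = address
    return found


def demo() -> Dict[str, object]:
    """Both techniques on the constructed data (no network needed)."""
    table = {"afrodita.target.com": "192.168.1.1", "neo.target.com": "192.168.1.2"}
    return {
        "axfr_hosts": hosts_from_records(parse_axfr(SAMPLE_AXFR)),
        "brute_force": brute_force("target.com", ["afrodita", "hermes", "matrix", "neo", "xx"],
                                   table_resolver(table)),
    }


if __name__ == "__main__":
    print(demo())
```

Against a real domain, call zone_transfer(domain, ns) once per authoritative server and brute_force(domain, open("wordlist.txt")) with the default resolver; the brute force is the noisy part, one DNS query per word, which is why the slide marks it "active++".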

Obtaining host and domain names II

• Search engines (passive)
• Public PGP key servers (passive)

Obtaining host and domain names II - PGP key servers

• The PGP public key servers are only intended to help users exchange public keys, but every key carries user IDs of the form "Name <user@host.target.com>", so one search for the target's domain returns names, e-mail addresses and host names at once.
• http://keyserver.veridis.com/

Obtaining host and domain names - Search engines

(screenshots: search-engine results listing subdomains of the target)

Obtaining host and domain names - Subdomainer

Demo: Subdomainer

Obtaining user names - Classic

• Search engines (passive)
• Web pages (passive)

Other sources..

Obtaining user names - New sources

• PGP key servers (passive)
• Social networks (passive)
• Metadata (passive)

Obtaining user names - New sources

• Social networks: LinkedIn is an online network of more than 15 million experienced professionals from around the world, representing 150 industries.

Obtaining user names - New sources

What a LinkedIn profile exposes: current job, past jobs, education, job description, etc.

Social networks, correlations

(figure: Vizster social-network visualization, http://jheer.org/vizster/images/basic.png)

Obtaining user names - theHarvester

(screenshot)

Obtaining emails - theHarvester

(screenshot)
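The passive sources covered on the preceding slides (search engines and PGP key servers for hosts, theHarvester for user names and e-mails), as one added example that is not theHarvester's own code: it parses a PGP key server's machine-readable index (the standard HKP lookup with op=index&options=mr) into names and addresses, and pulls the target's e-mail addresses and host names out of any search-result page. The HKP response and the HTML page are constructed samples and keyserver.example is a placeholder host; target.com is the slide's own placeholder domain.

```python
"""Added example, not theHarvester's own code: passive harvesting from a PGP
key server index and from search-result pages.  SAMPLE_HKP and SAMPLE_HTML
are constructed inputs; keyserver.example is a placeholder host name."""
import re
from typing import Dict, List, Set
from urllib.parse import quote, unquote

# HKP machine-readable index (op=index&options=mr): one key per "pub" line and
# one percent-encoded user ID per "uid" line.  Constructed sample.
SAMPLE_HKP = """\
info:1:2
pub:0A1B2C3D4E5F6789:1:2048:1285254144::
uid:John Doe %3Cjdoe%40target.com%3E:1285254144::
uid:John Doe (work) %3Cjohn.doe%40mail.target.com%3E:1285254144::
pub:FEDCBA9876543210:17:1024:1100000000:1300000000:r
uid:Jane Roe %3Cjroe%40target.com%3E:1100000000::
"""

# Constructed search-result page; the last address belongs to another domain.
SAMPLE_HTML = """<html><body>
<a href="https://intranet.target.com/login">intranet.target.com</a>
Contact: webmaster@target.com or <b>support@helpdesk.target.com</b>
<a href="https://www.target.com/about">About</a> sales@other-company.com
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# "Name (comment) <email>" as written in a PGP user ID
UID_RE = re.compile(r"^(?P<name>.*?)\s*(?:\((?P<comment>[^)]*)\))?\s*<(?P<email>[^>]+)>$")


def hkp_index_url(keyserver: str, domain: str) -> str:
    """Standard HKP lookup URL returning every key whose user ID mentions the domain."""
    return f"http://{keyserver}/pks/lookup?op=index&options=mr&search={quote(domain)}"


def parse_hkp_index(text: str) -> List[Dict[str, str]]:
    """One {keyid, name, email} entry per user ID in a machine-readable index."""
    entries: List[Dict[str, str]] = []
    keyid = ""
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            keyid = fields[1]
        elif fields[0] == "uid":
            m = UID_RE.match(unquote(fields[1]))
            if m:
                entries.append({"keyid": keyid, "name": m.group("name"), "email": m.group("email")})
    return entries


def harvest(domain: str, *blobs: str) -> Dict[str, Set[str]]:
    """E-mail addresses under `domain` and host names of that domain seen in the blobs."""
    domain = domain.lower()
    host_re = re.compile(r"\b((?:[a-z0-9-]+\.)+" + re.escape(domain) + r")\b", re.IGNORECASE)
    emails: Set[str] = set()
    hosts: Set[str] = set()
    for blob in blobs:
        for email in EMAIL_RE.findall(blob):
            mail_domain = email.split("@", 1)[1].lower()
            if mail_domain == domain or mail_domain.endswith("." + domain):
                emails.add(email.lower())        # other domains are dropped
        for host in host_re.findall(blob):
            hosts.add(host.lower())              # subdomains seen in URLs or addresses
    return {"emails": emails, "hosts": hosts}


def demo() -> Dict[str, Set[str]]:
    """Combine both sources for target.com on the constructed data."""
    entries = parse_hkp_index(SAMPLE_HKP)
    return harvest("target.com", SAMPLE_HTML, " ".join(e["email"] for e in entries))


if __name__ == "__main__":
    print(hkp_index_url("keyserver.example", "target.com"))
    print(demo())
```

In a live run the HKP text comes from an HTTP GET of hkp_index_url(...) and the HTML from the search engine's result pages; both are passed to harvest unchanged, which is the whole of what the tool needs to do on the passive side.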

Obtaining user names - New sources - Metadata

Metadata is data about data. It is used to facilitate the understanding, use and management of data.

It provides basic information such as the author of a work, the date of creation, links to any related works, etc.

Metadata - Dublin Core (schema)

Content (about the resource)    Intellectual property    Instantiation (electronic or physical manifestation)
Title                           Author or Creator        Date
Subject                         Publisher                Type
Description                     Contributor              Format
Language                        Rights                   Identifier
Relation
Coverage

Metadata - example

logo-Ubuntu.png: software - Adobe ImageReady; size - 1501x391; mimetype - image/png
logo-Kubuntu.png: software - www.inkscape.org; size - 1501x379; mimetype - image/png

Metadata

• So where can we get interesting metadata?
• Ok, I understand metadata... so what?

Metagoofil

• Metagoofil is an information gathering tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target/victim websites.
• The documents are located with a search-engine query such as: site:nasa.gov filetype:ppt

Metagoofil - pipeline

search query -> ppt 1, ppt 2, ppt 3, ..., ppt n (downloaded files) -> libextractor / filtering -> Results.html
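The extraction step of the pipeline above, as an added example that is not Metagoofil's code (Metagoofil used libextractor): with only the Python standard library it reads the author, last editor and creating software from OOXML documents (docx/xlsx/pptx, a zip with docProps/core.xml and docProps/app.xml) and from the Info dictionary of a PDF, and then lists every person named across the downloaded set. Legacy OLE2 .doc/.xls/.ppt files, the format the slide's ppt examples would be in, need a separate parser and are reported as empty here. The two input documents, their file names and the people in them are constructed in memory.

```python
"""Added example, not Metagoofil's code: the extraction step of the pipeline
(Metagoofil used libextractor; this uses only the standard library and covers
OOXML documents and PDF).  Both input files are constructed in memory."""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from typing import Dict, List, Set

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Literal-string values in the PDF Info dictionary; hex strings (<...>) are not handled.
PDF_INFO = re.compile(rb"/(Author|Creator|Producer)\s*\((.*?)(?<!\\)\)")


def make_docx(author: str, last_modified_by: str, application: str) -> bytes:
    """Minimal OOXML package holding only the two metadata parts (constructed test input)."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            f"<dc:creator>{author}</dc:creator>"
            f"<cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy></cp:coreProperties>")
    app = f'<Properties xmlns="{NS["ep"]}"><Application>{application}</Application></Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()


def make_pdf(author: str, creator: str, producer: str) -> bytes:
    """Skeleton PDF whose trailer points at an Info dictionary (constructed test input)."""
    info = f"<< /Author ({author}) /Creator ({creator}) /Producer ({producer}) >>".encode()
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n2 0 obj\n" + info
            + b"\nendobj\ntrailer\n<< /Root 1 0 R /Info 2 0 R >>\n%%EOF\n")


def metadata_docx(data: bytes) -> Dict[str, str]:
    """docProps/core.xml gives author and last editor, docProps/app.xml the software."""
    meta: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for key, path in (("author", "dc:creator"), ("last_modified_by", "cp:lastModifiedBy")):
                el = root.find(path, NS)
                if el is not None and el.text:
                    meta[key] = el.text
        if "docProps/app.xml" in names:
            el = ET.fromstring(z.read("docProps/app.xml")).find("ep:Application", NS)
            if el is not None and el.text:
                meta["software"] = el.text
    return meta


def metadata_pdf(data: bytes) -> Dict[str, str]:
    """Author, creating application and producer from the Info dictionary."""
    keys = {b"Author": "author", b"Creator": "software", b"Producer": "producer"}
    return {keys[k]: v.decode("latin-1") for k, v in PDF_INFO.findall(data)}


def extract(filename: str, data: bytes) -> Dict[str, str]:
    """Dispatch on magic bytes (the 'libextractor / filtering' box of the pipeline)."""
    if data.startswith(b"%PDF"):
        return metadata_pdf(data)
    if data.startswith(b"PK") and filename.lower().endswith((".docx", ".xlsx", ".pptx")):
        return metadata_docx(data)
    return {}  # legacy OLE2 .doc/.xls/.ppt would need another parser


def run(documents: Dict[str, bytes]) -> Dict[str, Dict[str, str]]:
    """Metadata per downloaded file: the content of Metagoofil's Results.html."""
    return {name: extract(name, data) for name, data in documents.items()}


def user_names(results: Dict[str, Dict[str, str]]) -> List[str]:
    """Every author / last-editor string found: the raw material for user profiling."""
    found: Set[str] = set()
    for meta in results.values():
        found.update(meta[k] for k in ("author", "last_modified_by") if k in meta)
    return sorted(found)


# Constructed "downloaded files" standing in for ppt 1 ... ppt n
DOCUMENTS = {
    "budget.docx": make_docx("John Doe", "jdoe", "Microsoft Office Word"),
    "plan.pdf": make_pdf("Jane Roe", "Microsoft PowerPoint", "Adobe PDF Library"),
}

if __name__ == "__main__":
    results = run(DOCUMENTS)
    print(results)
    print(user_names(results))
```

Note that the last-editor field ("jdoe") is often the literal login name of the workstation user, which is exactly the value the profiling step later needs.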

Metagoofil

Demo

Metagoofil - results

(screenshots of the extracted metadata)

Metagoofil & LinkedIn results

• Now we have a lot of user names; what can I do with them?

Using results

• User profiling: from the name John Doe derive the candidate user names john.doe, jdoe, j.doe, johndoe, johnd, john.d, jd, doejohn
• Dictionary creation: John Doe
• ATTACK!
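The user-profiling and dictionary-creation steps above, as an added example that is not the presentation's code: it generates the slide's candidate user names for any first/last name, and adds one thing the slide does not show, namely that a single real address found earlier (from a key server, a web page or document metadata) reveals the organisation's naming format, which can then be applied to every harvested name instead of guessing all eight forms. The names, the known address and target.com are constructed samples.

```python
"""Added example, not from the presentation: builds the candidate user names
of the "User profiling" slide from harvested worker names and, when one real
address is known, infers the organisation's format and applies it to everyone.
The names and e-mails are constructed samples."""
import unicodedata
from typing import Dict, Iterable, List, Optional

# The eight forms listed on the slide for "John Doe", as format strings.
FORMATS = ["{first}.{last}", "{f}{last}", "{f}.{last}", "{first}{last}",
           "{first}{l}", "{first}.{l}", "{f}{l}", "{last}{first}"]


def _ascii(text: str) -> str:
    """Lower-case and strip accents, so 'José Núñez' yields 'jose' / 'nunez'."""
    return unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode().lower()


def _fields(full_name: str) -> Optional[Dict[str, str]]:
    """first / last name and their initials; None for a single-word name."""
    parts = _ascii(full_name).split()
    if len(parts) < 2:
        return None
    first, last = parts[0], parts[-1]  # middle names are ignored
    return {"first": first, "last": last, "f": first[0], "l": last[0]}


def candidates(full_name: str) -> List[str]:
    """All user-name permutations for one person, in the slide's order, without duplicates."""
    fields = _fields(full_name)
    if fields is None:
        return [_ascii(full_name)]
    out: List[str] = []
    for fmt in FORMATS:
        name = fmt.format(**fields)
        if name not in out:
            out.append(name)
    return out


def infer_format(full_name: str, known_email: str) -> Optional[str]:
    """Which format produces the known address's local part, e.g. j.roe -> '{f}.{last}'."""
    fields = _fields(full_name)
    if fields is None:
        return None
    local = known_email.split("@", 1)[0].lower()
    for fmt in FORMATS:
        if fmt.format(**fields) == local:
            return fmt
    return None


def dictionary(names: Iterable[str], fmt: Optional[str] = None,
               domain: Optional[str] = None) -> List[str]:
    """Login dictionary: one entry per name when the format is known, else every
    permutation; with a domain it becomes a list of candidate e-mail addresses."""
    out: List[str] = []
    for name in names:
        fields = _fields(name)
        forms = [fmt.format(**fields)] if fmt and fields else candidates(name)
        for user in forms:
            entry = f"{user}@{domain}" if domain else user
            if entry not in out:
                out.append(entry)
    return out


if __name__ == "__main__":
    workers = ["John Doe", "Jane Roe", "José Núñez"]
    print(candidates("John Doe"))
    fmt = infer_format("Jane Roe", "j.roe@target.com")  # learned from a harvested address
    print(dictionary(workers, fmt, "target.com"))
```

With the format inferred, the dictionary shrinks from eight guesses per person to one, which matters against services that lock accounts after a few failed logins.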

References

• www.edge-security.com
• blog.s21sec.com
• www.s21sec.com
• www.gnunet.org/libextractor/
• www.linkedin.com

Any questions?

Thank you for coming