AIDE 2011 - Hacker Trail Mix

Post on 07-Nov-2014

A mix bag of hacker tools and techniques - Video @ http://vimeo.com/20173772

Transcript of AIDE 2011 - Hacker Trail Mix

Hacker Trail Mix

Monday, February 28, 2011

Who Am I

• Elliott “Nullthreat” Cutright

• Sr Information Security Analyst

• EWA GSI in Bowling Green KY

• Member of Corelan Team

About the talk

• As many topics and demos as I can cover in an hour

• Move very quickly

• Feel free to contact me for more info

• Big thanks to Paterva for the demo license of.....

Maltego

• Intel gathering framework

• Allows users to start with one piece of information and find more

• Uses “Transforms” to find additional data

• Free “community” version available in backtrack and at www.paterva.com

Demo

Shodan

Shodan

• Computer search engine

• Find info about hosts on the internet w/o touching them

Why do I care?

Oh.. that's why

FOCA

• OMG METADATA!!

• Can read info from: .doc .ppt .pps .xls .docx .pptx .ppsx .xlsx .sxw .sxc .sxi .odt .ods .odg .odp .pdf .wpd .svg .svgz .jpg

• http://www.informatica64.com/FOCA/

Meta-data? WTF?

Demo

Pshh Metadata

• What can we do with some of this cool metadata

• Targeted Attacks

• I know what OS you run and what app you used

I know where you sleep

• Image metadata can have GPS coordinates

• hello iPhone :-)

• Not just images

• hello twitter

Demo

Pastenum.rb

• New tool in development

• Searches pastebin sites for “interesting data”

• TONS of stuff -->

• Not ready for prime time yet

• Looking to release at DerbyCon

Zone Transfers

• DNS zone transfers are used to replicate DNS entries across multiple DNS servers

• Great way to find systems and hostnames without scanning

DIG

• Use DIG to find the nameservers

• dig teachers.net

• Attempt a zone transfer

• dig teachers.net @ns1.secure.net axfr

DIG cont.

teachers.net. 10 IN A 207.57.106.11
teachers.net. 86400 IN NS ns2.secure.net.
teachers.net. 86400 IN NS ns1.secure.net.
teachers.net. 86400 IN MX 10 chat.teachers.net.
4Blocks.teachers.net. 10 IN CNAME teachers.net.
adulteducation.teachers.net. 10 IN CNAME teachers.net.
ak.teachers.net. 10 IN CNAME teachers.net.
al.teachers.net. 10 IN CNAME teachers.net.
alabama.teachers.net. 10 IN CNAME teachers.net.
alaska.teachers.net. 10 IN CNAME teachers.net.
ar.teachers.net. 10 IN CNAME teachers.net.
arizona.teachers.net. 10 IN CNAME teachers.net.
arkansas.teachers.net. 10 IN CNAME teachers.net.
Art.teachers.net. 10 IN CNAME teachers.net.
australia.teachers.net. 86400 IN CNAME teachers.net
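As an added example (not code from the talk), a small Python parser for the dig AXFR answer format shown above. It also flags whether the transfer was allowed, so a defender can run dig axfr against their own nameservers and confirm the answer is refused rather than a full zone. The sample input is constructed from the records on the slide; the "; Transfer failed." marker is what dig prints when a server refuses.

```python
import re
from collections import defaultdict

# Constructed sample in dig AXFR answer format, built from the records on the
# slide (not a live capture). A refused transfer prints "; Transfer failed."
SAMPLE_AXFR = """\
teachers.net. 10 IN A 207.57.106.11
teachers.net. 86400 IN NS ns2.secure.net.
teachers.net. 86400 IN NS ns1.secure.net.
teachers.net. 86400 IN MX 10 chat.teachers.net.
4Blocks.teachers.net. 10 IN CNAME teachers.net.
alabama.teachers.net. 10 IN CNAME teachers.net.
australia.teachers.net. 86400 IN CNAME teachers.net
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")

def parse_axfr(text):
    """Parse dig answer lines into (name, ttl, type, rdata). Comments (';')
    are skipped; names/rdata are lowercased without the trailing dot."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name.lower().rstrip("."), int(ttl), rtype, rdata.lower().rstrip(".")))
    return records

def transfer_allowed(text):
    """True when records came back and dig did not report a failed transfer;
    against your own nameservers this means AXFR is open and should be restricted."""
    return "Transfer failed" not in text and bool(parse_axfr(text))

def inventory(records):
    """Summarise what an open transfer exposes: addressed hosts, aliases
    grouped by target, and the name and mail servers."""
    inv = {"hosts": defaultdict(list), "aliases": defaultdict(list), "ns": [], "mx": []}
    for name, _ttl, rtype, rdata in records:
        if rtype == "A":
            inv["hosts"][name].append(rdata)
        elif rtype == "CNAME":
            inv["aliases"][rdata].append(name)
        elif rtype == "NS":
            inv["ns"].append(rdata)
        elif rtype == "MX":
            inv["mx"].append(rdata.split(None, 1)[1])  # drop the priority
    return inv
```

Feed it the real output of `dig <zone> @<ns> axfr` for each of your own nameservers; any True from transfer_allowed is a misconfiguration to fix with an allow-transfer restriction.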

MDNS

• Multicast DNS / Zero Config Networking

• MDNS = Bonjour = Avahi

• MDNS gives up a lot of info

dnsrecon

• Created by Carlos “Darkoperator” Perez

• Get it at https://github.com/darkoperator/dnsrecon

• We can use it to find MDNS Stuff

Demo

Wfuzz

• Web application fuzzer

• Created by edge-security

• Fast directory/file discovery

• ...a lot more

Wfuzz + Fuzzdb

• Combine the Fuzzdb wordlist with wfuzz

• Fast and accurate enumeration of applications

Demo

SET

• Social-Engineer Toolkit

• Created by Dave ‘ReL1K’ Kennedy

• Helps with SE campaigns

SET

• Multiple attacks

• Spear Phishing

• Tab Nabbing

• Browser Client-side attack

• Unique Java payload

Demo
