Tactical Fingerprinting Using Metadata, Hidden Info and ...
30/06/2009
Chema Alonso, José Palzón
• Metadata:
  • Information stored to give information about the document.
    ▪ For example: Creator, Organization, etc.
• Hidden information:
  • Information internally stored by programs and not editable.
    ▪ For example: Template paths, Printers, db structure, etc.
• Lost data:
  • Information which is in documents due to human mistakes or negligence, because it was not intended to be there.
    ▪ For example: Links to internal servers, data hidden by format, etc.
[Diagram labels: Wrong management; Bad format conversion; Unsecure options; New apps or program versions; Embedded files; Search engines; Spiders; Databases]
• The answer is NO.
• Almost nobody is cleaning documents.
• Companies publish thousands of documents without first cleaning them of:
  • Metadata.
  • Hidden info.
  • Lost data.
Total: 4841 files
Real Name
Username
Internal Domain
.. And more…
Total: 896 files
Total: 1075 files
User
Software Version
Internal Server NetBIOS name
Remote Printer Name
Local Printer
• Office documents:
  • Open Office documents.
  • MS Office documents.
• PDF Documents.
  ▪ XMP.
• EPS Documents.
• Graphic documents.
  ▪ EXIF.
  ▪ XMP.
• And almost everything…
EXIFREADER
http://www.takenet.or.jp/~ryuuji/
http://video.techrepublic.com.com/2422-14075_11-207247.html
• Users:
  • Creators.
  • Modifiers.
  • Users in paths.
    ▪ C:\Documents and settings\jfoo\myfile
    ▪ /home/johnnyf
• History of use.
• Operating systems.
• Software versions.
• Paths.
  • Local and remote.
• Network info.
  • Shared Printers.
  • Shared Folders.
  • ACLs.
• Printers.
  • Local and remote.
• Internal Servers.
  • NetBIOS Name.
  • Domain Name.
  • IP Address.
• Database structures.
  • Table names.
  • Column names.
• Devices info.
  • Mobiles.
  • Photo cameras.
• Private Info.
  • Personal data.
• Info is in the file in raw format:
  • Binary.
  • ASCII.
• Therefore Hex or ASCII editors can be used:
  • HexEdit.
  • Notepad++.
  • Bintext.
• Special tools can be used:
  • Exif Reader.
  • ExifTool.
  • Libextractor.
  • Metagoofil.
  • …
• …or just open the file!
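
A pre-publication check for the leaks listed above, as an added example that is not part of the original slides: it opens an OpenDocument package, reads the identifying fields of meta.xml, and searches every member for user paths and UNC shares. The sample document, its names (PRINTSRV01, ExampleOffice) and both helper functions are constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Path shapes the slides list as leaks: user profile paths and server shares.
LEAK_PATTERNS = {
    "windows_user_path": re.compile(r"[A-Za-z]:\\Documents and Settings\\[^\\<]+", re.I),
    "unix_home_path": re.compile(r"/home/[A-Za-z0-9._-]+"),
    "unc_path": re.compile(r"\\\\[A-Za-z0-9._-]+\\[^\\<\s]+"),
}
META_TAGS = ("initial-creator", "creator", "generator")  # people and software version

def audit_odf(data: bytes) -> dict:
    """Return identifying meta.xml fields and path leaks from every package member."""
    meta, leaks = {}, set()
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            raw = pkg.read(name)
            if name == "meta.xml":
                for elem in ET.fromstring(raw).iter():
                    tag = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace
                    if tag in META_TAGS and elem.text:
                        meta[tag] = elem.text.strip()
            text = raw.decode("utf-8", errors="replace")
            for kind, pattern in LEAK_PATTERNS.items():
                leaks.update((kind, name, m.group(0)) for m in pattern.finditer(text))
    return {"meta": meta, "leaks": sorted(leaks)}

def build_sample_odt() -> bytes:  # constructed sample, not a real document
    ns = "urn:oasis:names:tc:opendocument:xmlns:"
    meta = (
        f'<office:document-meta xmlns:office="{ns}office:1.0" xmlns:meta="{ns}meta:1.0"'
        ' xmlns:dc="http://purl.org/dc/elements/1.1/"><office:meta>'
        "<meta:initial-creator>John Foo</meta:initial-creator><dc:creator>jfoo</dc:creator>"
        "<meta:generator>ExampleOffice/1.0</meta:generator></office:meta></office:document-meta>"
    )
    settings = (
        "<settings><item name='PrinterName'>\\\\PRINTSRV01\\HP-Floor2</item>"
        "<item name='Template'>C:\\Documents and Settings\\jfoo\\tpl.ott</item>"
        "<item name='Backup'>/home/johnnyf/backup</item></settings>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("meta.xml", meta)
        pkg.writestr("settings.xml", settings)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_odf(build_sample_odt()))
```

A document is ready to publish when `meta` holds no personal or version fields and `leaks` is empty.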
• http://www.edge-security.com/metagoofil.php
• These tools only extract metadata.
• Not looking for Hidden Info.
• Not looking for lost data.
• Not post-analysis.
• Fingerprinting Organizations with Collected Archives.
• Search for documents
• Automatic file downloading
• Capable of extracting Metadata, hidden info and lost data.
• Cluster information
• Analyzes the info to fingerprint the network.
http://www.informatica64.com/FOCA
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360
• OOMetaExtractor
http://www.codeplex.org/oometaextractor
http://www.metashieldprotector.com
• Authors
  • Chema Alonso
  • Enrique Rando
  • Alejandro Martín
  • Francisco Oca
  • Antonio Guzmán