AIDE 2011 - Hacker Trail Mix
DESCRIPTION
A mixed bag of hacker tools and techniques - Video @ http://vimeo.com/20173772
TRANSCRIPT
Hacker Trail Mix
Monday, February 28, 2011
Who Am I
• Elliott “Nullthreat” Cutright
• Sr Information Security Analyst
• EWA GSI in Bowling Green KY
• Member of Corelan Team
About the talk
• As many topics and demos as I can cover in an hour
• Move very quickly
• Feel free to contact me for more info
• Big thanks to Paterva for the demo license of.....
Maltego
• Intel gathering framework
• Allows users to start with one piece of information and find more
• Uses “Transforms” to find additional data
• Free “community” version available in BackTrack and at www.paterva.com
Demo
Shodan
Shodan
• Computer search engine
• Find info about hosts on the internet without touching them
Why do I care?
Oh.. that's why
FOCA
• OMG METADATA!!
• Can read info from: .doc .ppt .pps .xls .docx .pptx .ppsx .xlsx .sxw .sxc .sxi .odt .ods .odg .odp .pdf .wpd .svg .svgz .jpg
• http://www.informatica64.com/FOCA/
Meta-data? WTF?
Demo
Pshh Metadata
• What can we do with some of this cool metadata?
• Targeted Attacks
• I know what OS you run and what app you had
I know where you sleep
• Image metadata can have GPS coordinates
• hello iPhone :-)
• Not just images
• hello twitter
Demo
Pastenum.rb
• New tool in development
• Searches pastebin sites for “interesting data”
• TONS of stuff -->
• Not ready for prime time yet
• Looking to release at DerbyCon
Zone Transfers
• DNS zone transfers are used to replicate DNS entries across multiple DNS servers
• Great way to find systems and hostnames without scanning
DIG
• Use DIG to find the nameservers
• dig teachers.net
• Attempt a zone transfer
• dig teachers.net @ns1.secure.net axfr
DIG cont.
teachers.net. 10 IN A 207.57.106.11
teachers.net. 86400 IN NS ns2.secure.net.
teachers.net. 86400 IN NS ns1.secure.net.
teachers.net. 86400 IN MX 10 chat.teachers.net.
4Blocks.teachers.net. 10 IN CNAME teachers.net.
adulteducation.teachers.net. 10 IN CNAME teachers.net.
ak.teachers.net. 10 IN CNAME teachers.net.
al.teachers.net. 10 IN CNAME teachers.net.
alabama.teachers.net. 10 IN CNAME teachers.net.
alaska.teachers.net. 10 IN CNAME teachers.net.
ar.teachers.net. 10 IN CNAME teachers.net.
arizona.teachers.net. 10 IN CNAME teachers.net.
arkansas.teachers.net. 10 IN CNAME teachers.net.
Art.teachers.net. 10 IN CNAME teachers.net.
australia.teachers.net. 86400 IN CNAME teachers.net
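An added example (not from the talk): a small parser a zone owner can run over captured transfer output to see which in-zone hostnames and record types an open transfer hands out. The function names are hypothetical, and the sample is a subset of the output above.

```python
# Added example: summarise what a zone transfer (AXFR) response discloses.
# Function names are hypothetical; SAMPLE_AXFR is a subset of the slide's output.
from collections import defaultdict

SAMPLE_AXFR = """\
teachers.net. 10 IN A 207.57.106.11
teachers.net. 86400 IN NS ns2.secure.net.
teachers.net. 86400 IN NS ns1.secure.net.
teachers.net. 86400 IN MX 10 chat.teachers.net.
4Blocks.teachers.net. 10 IN CNAME teachers.net.
adulteducation.teachers.net. 10 IN CNAME teachers.net.
ak.teachers.net. 10 IN CNAME teachers.net.
australia.teachers.net. 86400 IN CNAME teachers.net
"""


def parse_records(text):
    """Parse dig answer lines into (owner, ttl, rtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):    # dig comments / blank lines
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN" or not fields[1].isdigit():
            continue                             # not a resource record line
        owner = fields[0].rstrip(".").lower()    # DNS names are case-insensitive
        records.append((owner, int(fields[1]), fields[3].upper(), " ".join(fields[4:])))
    return records


def disclosure_report(text, zone):
    """Return in-zone hostnames and record-type counts exposed by the transfer."""
    zone = zone.rstrip(".").lower()
    by_type = defaultdict(int)
    hostnames = set()
    for owner, _ttl, rtype, rdata in parse_records(text):
        by_type[rtype] += 1
        if owner != zone and owner.endswith("." + zone):
            hostnames.add(owner)
        if rtype in ("NS", "MX", "CNAME"):       # rdata also names a host
            target = rdata.split()[-1].rstrip(".").lower()
            if target != zone and target.endswith("." + zone):
                hostnames.add(target)
    return {"types": dict(by_type), "hostnames": sorted(hostnames)}


if __name__ == "__main__":
    print(disclosure_report(SAMPLE_AXFR, "teachers.net"))
```

A non-empty hostname list from a transfer requested by an outside address means the nameserver is not restricting transfers to its secondaries.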
MDNS
• Multicast DNS / Zero Config Networking
• MDNS = Bonjour = Avahi
• MDNS gives up a lot of info
dnsrecon
• Created by Carlos “Darkoperator” Perez
• Get it at https://github.com/darkoperator/dnsrecon
• We can use it to find MDNS Stuff
Demo
Wfuzz
• Web application fuzzer
• Created by edge-security
• Fast directory/file discovery
• ...a lot more
Wfuzz + Fuzzdb
• Combine the Fuzzdb wordlist with wfuzz
• Fast and accurate enumeration of applications
Demo
SET
• Social-Engineer Toolkit
• Created by Dave ‘ReL1K’ Kennedy
• Help with SE campaigns
SET
• Multiple attacks
• Spear Phishing
• Tab Nabbing
• Browser Client-side attack
• Unique Java payload
Demo