© All rights reserved. www.keepcoding.io

Information Gathering

Information Gathering
● Gather information about the system we are going to attack
● This phase is usually split into:
○ Footprinting (passive): no direct interaction with the target is needed
■ Whois, Google searches
○ Fingerprinting (active): direct interaction with the target systems
■ Port scanning

Footprinting

Search engines
● www.google.com
● www.bing.com
● www.duckduckgo.com

Dorks
● site:trello.com password
● inurl:5601/app/kibana
● inurl:"/xmlrpc.php?rsd" & ext:php
http://www.exploit-db.com/google-dorks/

Dorks
● site:policia.es login
● "database_password" filetype:yml "config/parameters.yml"
● filetype:pdf "acunetix website audit" "alerts summary"
● xamppdirpasswd.txt filetype:txt
● "DB_PASSWORD" filetype:env
○ Laravel apps

GitLeaks
● https://github.com/zricethezav/gitleaks
● https://github.com/michenriksen/gitrob

Robots.txt
● robots.txt is a mechanism for asking search engines such as Bing or Google not to index certain pages
● It is a public file: do not list login pages or intranet paths in it, because anyone can read it and it tells an attacker exactly where to look
● Alternative: the X-Robots-Tag HTTP header, which is sent per response instead of being published as a list

Security.txt
● Standardised as RFC 9116 and served at /.well-known/security.txt; it tells researchers how to report vulnerabilities (Contact, Expires, Policy, ...)
https://securitytxt.org/
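The robots.txt and security.txt points above can be checked from one script. The following is an added example written for this page, not code from KeepCoding or from any of the tools listed; the sample robots.txt and security.txt bodies are constructed, the `SENSITIVE` pattern is a hypothetical list of path fragments worth flagging, and `example.test` is a placeholder host. It extracts the Disallow entries a public robots.txt discloses, flags the ones that look like login or intranet paths, and checks a security.txt for the mandatory Contact field and an unexpired Expires value.

```python
import re
import urllib.request
from datetime import datetime, timezone

# Hypothetical list of path fragments that should never be disclosed via robots.txt
SENSITIVE = re.compile(r"(login|admin|intranet|backup|private|\.git|wp-admin|phpmyadmin)", re.I)


def parse_robots(text):
    """Return the Disallow paths from a robots.txt body (all User-agent groups)."""
    paths = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line.lower().startswith("disallow:"):
            continue
        path = line.split(":", 1)[1].strip()
        if path:                                       # a bare "Disallow:" allows everything
            paths.append(path)
    return paths


def sensitive_paths(text):
    """Disallow entries that hand an attacker interesting locations."""
    return [p for p in parse_robots(text) if SENSITIVE.search(p)]


def parse_security_txt(text):
    """Parse security.txt (RFC 9116) into {field: [values]}, ignoring comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def security_txt_issues(text, now=None):
    """Checks worth automating: Contact present, Expires present and still in the future."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    issues = []
    if "contact" not in fields:
        issues.append("missing Contact")
    if "expires" not in fields:
        issues.append("missing Expires")
    else:
        try:
            exp = datetime.fromisoformat(fields["expires"][0].replace("Z", "+00:00"))
            if exp <= now:
                issues.append("expired")
        except ValueError:
            issues.append("unparseable Expires")
    return issues


def fetch(url, timeout=5):
    req = urllib.request.Request(url, headers={"User-Agent": "recon-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return r.read().decode("utf-8", "replace")


# Constructed sample inputs (not taken from any real site)
SAMPLE_ROBOTS = """User-agent: *
Disallow: /images/      # harmless
Disallow: /admin/login.php
Disallow: /intranet/
Disallow:
"""

SAMPLE_SECURITY_TXT = """Contact: mailto:security@example.test
Expires: 2020-01-01T00:00:00Z
Preferred-Languages: en, es
"""

if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. https://example.test
    robots = fetch(base + "/robots.txt") if base else SAMPLE_ROBOTS
    sectxt = fetch(base + "/.well-known/security.txt") if base else SAMPLE_SECURITY_TXT
    print("sensitive Disallow entries:", sensitive_paths(robots))
    print("security.txt issues:", security_txt_issues(sectxt))
```

Run it with a base URL to check a real site, or without arguments to see the constructed sample, where `/admin/login.php` and `/intranet/` are flagged and the security.txt is reported as expired.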
DNS zone transfer
● Zone transfer (AXFR)
○ The process by which a copy of the DNS server's zone database is requested
○ A name server that answers AXFR for anyone hands over every hostname in the zone, internal ones included

Certificate Transparency
● Project that publishes every issued TLS certificate in public, append-only logs and lets anyone monitor them
● Used to detect maliciously issued certificates or a compromised certificate authority
https://www.certificate-transparency.org/
https://github.com/x0rz/phishing_catcher

Abusing Certificate Transparency
● The same logs list every hostname a CA has ever issued a certificate for, which turns them into a passive subdomain enumeration source
https://github.com/UnaPibaGeek/ctfr

Abusing Certificate Transparency
1. git clone https://github.com/UnaPibaGeek/ctfr.git
2. cd ctfr
3. sudo apt install python3-pip
4. pip3 install -r requirements.txt
5. python3 ctfr.py -d keepcoding.io

Whois
● Registrar of the domain
● Who registered it
https://whois.domaintools.com/
http://www.dominios.es/dominios/

Domain renewal
● A domain that is allowed to expire can be registered by anyone: Heinz let the domain behind a QR code printed on its ketchup labels lapse and it was picked up by an adult site
https://www.theverge.com/2015/6/19/8811425/heinz-ketchup-qr-code-porn-site-fundorado

SSL Server Test
https://www.ssllabs.com/ssltest/
● Grades from A+ to F
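What a zone transfer actually is on the wire, as an added example that is not part of the original slides and not code from any of the tools they mention. It builds the AXFR query (QTYPE 252) with the two-byte length prefix DNS uses over TCP, parses the answer records, and reads messages until the closing SOA. Everything is standard-library Python; the zone `example.test`, the name server `ns1.example.test` and the records in `sample_axfr_response()` are constructed for illustration. Only `zone_transfer()` touches the network; the parser runs offline on the constructed answer.

```python
import socket
import struct

AXFR = 252                                   # QTYPE for a full zone transfer
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA"}
RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """example.test -> b'\\x07example\\x04test\\x00' (DNS wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), end if end is not None else off


def build_axfr_query(zone, txid=0x1337):
    """Header + one question (zone, AXFR, IN), prefixed with the TCP length field."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    msg = header + encode_name(zone) + struct.pack("!HH", AXFR, 1)
    return struct.pack("!H", len(msg)) + msg


def parse_message(msg):
    """Return (rcode, [(name, type, value)]) for the answer section of one DNS message."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                              # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5):
            value, _ = decode_name(msg, off)         # NS/CNAME rdata may use compression
        else:
            value = rdata.hex()
        off += rdlen
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), value))
    return flags & 0xF, records


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def zone_transfer(zone, nameserver, timeout=5):
    """Try AXFR over TCP. An open server answers SOA, records..., SOA; a hardened one REFUSED."""
    records, soa_seen = [], 0
    with socket.create_connection((nameserver, 53), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone))
        while soa_seen < 2:                          # the second SOA closes the transfer
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            rcode, recs = parse_message(_recv_exact(s, length))
            if rcode != 0 or not recs:
                return RCODES.get(rcode, str(rcode)), records
            for rec in recs:
                records.append(rec)
                if rec[1] == "SOA":
                    soa_seen += 1
    return "NOERROR", records


def sample_axfr_response():
    """Constructed AXFR answer for the fictitious zone example.test (not real data)."""
    hdr = struct.pack("!HHHHHH", 0x1337, 0x8400, 1, 3, 0, 0)
    question = encode_name("example.test") + struct.pack("!HH", AXFR, 1)
    zone_ptr = b"\xc0\x0c"                           # pointer to the zone name at offset 12
    soa_rdata = (encode_name("ns1.example.test") + encode_name("hostmaster.example.test")
                 + struct.pack("!IIIII", 2024010101, 3600, 600, 86400, 300))
    soa = zone_ptr + struct.pack("!HHIH", 6, 1, 3600, len(soa_rdata)) + soa_rdata
    host = (encode_name("intranet.example.test") + struct.pack("!HHIH", 1, 1, 300, 4)
            + bytes([10, 0, 0, 5]))
    return hdr + question + soa + host + soa


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                           # python3 axfr.py example.test ns1.example.test
        print(zone_transfer(sys.argv[1], sys.argv[2]))
    else:
        print(parse_message(sample_axfr_response()))
```

The check to run against your own zones is the same as the attacker's: if `zone_transfer()` returns records instead of `REFUSED`, the name server needs an allow-transfer restriction. The equivalent one-liner is `dig axfr example.test @ns1.example.test`.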
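What ctfr does under the hood is query crt.sh and collapse the certificate names into a subdomain list. The following is an added example written for this page, not ctfr's own code: it normalises crt.sh's `name_value` field (several SANs separated by newlines, wildcard entries, mixed case, trailing dots) and keeps only names inside the target domain. `example.test` and the records in `SAMPLE_CRTSH` are constructed; the crt.sh URL pattern is the one the tool relies on.

```python
import json
import urllib.request

# crt.sh query for every certificate whose name matches %.<domain>, as JSON
CRT_SH = "https://crt.sh/?q=%25.{domain}&output=json"


def extract_subdomains(crtsh_json, domain):
    """Collapse crt.sh results into a sorted list of in-scope hostnames.

    name_value may hold several names separated by newlines (the SAN list),
    wildcards such as *.example.test, upper-case entries and trailing dots.
    """
    domain = domain.lower().rstrip(".")
    hosts = set()
    for entry in json.loads(crtsh_json):
        for name in entry.get("name_value", "").split("\n"):
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]
            if name == domain or name.endswith("." + domain):   # drops look-alike domains
                hosts.add(name)
    return sorted(hosts)


def fetch_subdomains(domain, timeout=30):
    req = urllib.request.Request(CRT_SH.format(domain=domain),
                                 headers={"User-Agent": "ct-enum/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return extract_subdomains(r.read().decode(), domain)


# Constructed crt.sh-style records for the fictitious example.test (not real data)
SAMPLE_CRTSH = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "example.test\nwww.example.test"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "*.example.test"},
    {"issuer_name": "C=US, O=DigiCert Inc", "name_value": "VPN.Example.Test\nmail.example.test."},
    {"issuer_name": "C=US, O=Other", "name_value": "example.testing.net"},    # out of scope
])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        names = fetch_subdomains(sys.argv[1])          # python3 ct_enum.py keepcoding.io
    else:
        names = extract_subdomains(SAMPLE_CRTSH, "example.test")
    print("\n".join(names))
```

Because the data comes from the CT logs rather than from the target, this enumeration is entirely passive; the defender's counterpart is to watch the same logs for names that should never have been issued.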
Wappalyzer
● Detects the technologies behind a website (CMS, frameworks, web servers, JavaScript libraries)
● Written in Node.js, open source
● Browser extensions:
○ https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg
○ https://addons.mozilla.org/es/firefox/addon/wappalyzer/
https://www.wappalyzer.com/
https://github.com/AliasIO/Wappalyzer

Fingerprinting

Nmap
● Open source port scanner
● First released in 1997
● Official GUI:
○ https://nmap.org/zenmap/
● Supports scripts (NSE):
○ https://nmap.org/book/man-nse.html
https://nmap.org/

Nmap scan types
● TCP SYN (-sS)
● UDP (-sU)
● TCP ACK (-sA)
● TCP NULL (-sN)
● TCP XMAS (-sX)
● TCP FIN (-sF)
● TCP IDLE (-sI)

Nmap Host Discovery (screenshot)

Host discovery with ARP
● ARP: the Address Resolution Protocol, which maps IP addresses to MAC addresses on the local network
● On the local LAN Nmap discovers hosts with ARP requests, which a host cannot ignore the way it can drop ICMP pings

Nmap Scan (screenshot)

Nmap
● -O Operating system detection
● -v Verbosity
● -sV Service version detection
● -A Enables OS detection, version detection, script scanning and traceroute
● -Pn No ping: treat every host as up and skip host discovery
● -p <port list> Ports to scan. By default Nmap scans the 1000 most common ports for each protocol, as ranked in the nmap-services file
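The flags above are easiest to use consistently when the scan is driven from a script that also reads the result back. The following is an added example written for this page, not code from Nmap or KeepCoding: it builds an argv for a SYN plus version scan written to XML with `-oX` (passed as a list, so no shell is involved and the target cannot inject arguments), then parses the XML into rows and keeps the open ports. `-sS` needs root; the host `10.0.0.5` and the XML in `SAMPLE_XML` are constructed, not from a real scan.

```python
import shlex
import subprocess
import xml.etree.ElementTree as ET


def nmap_command(target, ports="1-1024", timing=3, xml_out="scan.xml"):
    """argv for a SYN + version scan written to XML (-oX). -T3 is Nmap's default template."""
    return ["nmap", "-sS", "-sV", "-p", ports, f"-T{timing}", "-Pn", "-oX", xml_out, target]


def parse_nmap_xml(xml_text):
    """Return [(ip, port, proto, state, service, 'product version')] from nmap -oX output."""
    results = []
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            banner = ""
            if svc is not None:
                banner = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            results.append((ip, int(port.get("portid")), port.get("protocol"), state, name, banner))
    return results


def open_ports(xml_text):
    return [r for r in parse_nmap_xml(xml_text) if r[3] == "open"]


def run_scan(target, **kw):
    """Run the scan (root required for -sS) and return the open ports from the XML file."""
    cmd = nmap_command(target, **kw)
    print("running:", " ".join(shlex.quote(c) for c in cmd))
    subprocess.run(cmd, check=True)
    with open(kw.get("xml_out", "scan.xml")) as f:
        return open_ports(f.read())


# Constructed nmap -oX output for a made-up host (not from a real scan)
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sV -p 1-1024 -T3 -Pn -oX scan.xml 10.0.0.5">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.38"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

if __name__ == "__main__":
    import sys
    rows = run_scan(sys.argv[1]) if len(sys.argv) > 1 else open_ports(SAMPLE_XML)
    for ip, port, proto, state, name, banner in rows:
        print(f"{ip}:{port}/{proto} {state} {name} {banner}".rstrip())
```

XML is the format to script against: `-oN` is for reading and `-oG` is deprecated upstream in favour of parsing `-oX`. Swap `-sS` for `-sT` to run without root at the cost of a full TCP handshake per port.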
Nmap timing templates
● -T 0,1,2,3,4,5: timing and packet-sending rate
○ 0 paranoid
○ 1 sneaky
○ 2 polite
○ 3 normal (the default)
○ 4 aggressive
○ 5 insane
Templates 0 and 1 (paranoid and sneaky) are the ones meant for IDS evasion; polite (2) only slows the scan down to use less bandwidth and fewer target resources

Nmap output
● -oN Normal output
● -oX XML output
● -oS Script Kiddie output (HaXXorZ output)
○ Example: 4pacH3 JsErv (PROtOC0L v1.3)
○ A joke by the developers
● -oG grepable output
● -oA Output in all formats at once

Banner (screenshot)

Nmap scripts
● Script location: /usr/share/nmap/scripts/
● Adding a script:
a. Copy it into /usr/share/nmap/scripts
b. nmap --script-updatedb
c. nmap --script <script-name>

Zenmap GUI (screenshot)

Shodan
● Shodan is a search engine for devices connected to the Internet
● It lets us gather information about the target silently: Shodan already did the scanning, so we send the target nothing
○ www.shodan.io
● Browser extensions for Firefox and Chrome:
○ https://addons.mozilla.org/es/firefox/addon/shodan_io/
○ https://chrome.google.com/webstore/detail/shodan/jjalcfnidlmpjhdfepjhjbhnhkbgleap

Shodan
https://twitter.com/shodanhq/status/654348699582251009?lang=es
https://account.shodan.io/login
Shodan filters
● city: devices located in a given city
● country: devices located in a country
● geo: search by coordinates
● hostname: search devices by hostname
● org: search devices by organisation name
● net: search by IP address or network range
● os: search by operating system
● port: search for specific ports
● before/after: results within a time range
● product: search by product, e.g. MySQL, MongoDB, PostgreSQL

Practice
● "authentication disabled" port:5900
● port:554 Hipcam country:ES
● product:MongoDB
● port:9200 json
● title:"xzeres wind"
● Minecraft Server port:25565
Twitter hashtag #ShodanSafari
https://twitter.com/hashtag/ShodanSafari?src=hash

Shodan plugin (screenshot)

Misconfigured hosts (screenshot)

Shodan: VNC without authentication (screenshot)
https://www.shodan.io/host/77.226.237.252

Shodan API (screenshot)

Shodan Maps (screenshot)

Shodan ScanHub (screenshot)

Metadata
● Metadata is "data about data"
○ GPS coordinates
○ Creation and modification dates
○ The user who created the file

John McAfee
● A photo of him published in 2012 still carried its EXIF GPS coordinates, which revealed his location
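The filters and practice queries above compose into a single query string that the Shodan REST API accepts. The following is an added example written for this page, not Shodan's official client library: it builds that string from keyword arguments (quoting values with spaces), calls `/shodan/host/search` with an API key taken from the environment, and flattens the `matches` list into rows. The hosts in `SAMPLE_RESPONSE` are constructed in the shape of a real response so the parsing runs offline; `SHODAN_API_KEY` is an assumed environment variable name.

```python
import json
import urllib.parse
import urllib.request

SEARCH_URL = "https://api.shodan.io/shodan/host/search"


def build_query(text="", **filters):
    """'"authentication disabled"', port=5900, country="ES" -> the Shodan query string."""
    parts = [text] if text else []
    for key, value in filters.items():
        value = str(value)
        if " " in value:                      # e.g. city="Los Angeles" needs quoting
            value = f'"{value}"'
        parts.append(f"{key}:{value}")
    return " ".join(parts)


def summarize(search_json):
    """Flatten a /shodan/host/search response into (ip, port, product, org) rows."""
    rows = []
    for m in json.loads(search_json).get("matches", []):
        rows.append((m.get("ip_str"), m.get("port"), m.get("product", ""), m.get("org", "")))
    return rows


def search(api_key, query, timeout=30):
    """One page of results; the API paginates with an extra 'page' parameter."""
    url = SEARCH_URL + "?" + urllib.parse.urlencode({"key": api_key, "query": query})
    with urllib.request.urlopen(url, timeout=timeout) as r:
        return summarize(r.read().decode())


# Constructed response in Shodan's search JSON shape (made-up hosts, not real data)
SAMPLE_RESPONSE = json.dumps({
    "total": 2,
    "matches": [
        {"ip_str": "203.0.113.10", "port": 5900, "product": "VNC", "org": "Example ISP",
         "data": "RFB 003.008\n", "hostnames": []},
        {"ip_str": "198.51.100.7", "port": 5900, "org": "Example Hosting",
         "data": "RFB 003.003\n", "hostnames": ["cam1.example.test"]},
    ],
})

if __name__ == "__main__":
    import os
    q = build_query('"authentication disabled"', port=5900, country="ES")
    print("query:", q)
    key = os.environ.get("SHODAN_API_KEY")    # assumed variable holding your API key
    for row in (search(key, q) if key else summarize(SAMPLE_RESPONSE)):
        print(row)
```

The same function is the basis of a defensive check: run `build_query(org="Your Org")` or `net="203.0.113.0/24"` periodically and diff the rows against the services you expect to be exposed.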
Foca
● Tool focused on metadata extraction
● Automatically downloads and analyses the documents published on a website
● Retrieves every document associated with a domain that search engines have indexed
https://www.elevenpaths.com/es/labstools/foca-2/index.html
https://github.com/ElevenPaths/FOCA

ExifTool
● Tool focused on metadata extraction
● Can also modify metadata
● Cross-platform
● Install:
○ apt install exiftool
https://www.sno.phy.queensu.ca/~phil/exiftool/

Foca (screenshot)

ExifTool
1. site:keepcoding.io filetype:pdf
2. exiftool <document>

ExifTool: modifying metadata
1. exiftool -rights="Copyright" -CopyrightNotice="Copyright" <file>
2. exiftool -overwrite_original -Author="Carlos Cilleruelo" <file>

Spiderfoot
● Open source automated footprinting and OSINT tool
http://www.spiderfoot.net/download/

Spiderfoot (screenshot)
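The two ExifTool steps above (find indexed documents, run exiftool on each) scale badly by hand, and the metadata worth caring about is a small set of tags. The following is an added example written for this page, not ExifTool's or FOCA's own code: it calls `exiftool -j` for JSON output, reports the author, software and GPS tags that leak user names and locations, and offers `exiftool -all= -overwrite_original` to strip a document before publishing it. The `LEAKY_TAGS` list is a hypothetical selection and the `SAMPLE_METADATA` record is a constructed exiftool output for an imaginary PDF, so the audit logic runs without exiftool installed.

```python
import json
import subprocess

# Hypothetical selection of tags whose presence in a published file is worth flagging
LEAKY_TAGS = ("Author", "Creator", "LastModifiedBy", "Company", "GPSLatitude",
              "GPSLongitude", "GPSPosition", "SerialNumber", "Software", "Producer")


def read_metadata(path):
    """Run exiftool -j on one file and return its tag dictionary."""
    proc = subprocess.run(["exiftool", "-j", path], capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)[0]


def strip_metadata(path):
    """Remove every writable tag in place (exiftool -all= -overwrite_original)."""
    subprocess.run(["exiftool", "-all=", "-overwrite_original", path], check=True)


def audit(metadata):
    """Return {tag: value} for the LEAKY_TAGS that are present with a non-empty value."""
    return {t: metadata[t] for t in LEAKY_TAGS if metadata.get(t) not in (None, "")}


def usernames(metadata):
    """Distinct user names from the author-style tags; internal account names end up here."""
    names = {str(metadata[t]).strip() for t in ("Author", "LastModifiedBy") if metadata.get(t)}
    return sorted(n for n in names if n)


# Constructed exiftool -j output for an imaginary PDF (not a real document)
SAMPLE_METADATA = json.loads("""[{
  "SourceFile": "report.pdf",
  "FileType": "PDF",
  "Producer": "Microsoft Word 2016",
  "Creator": "Microsoft Word 2016",
  "Author": "jsmith",
  "LastModifiedBy": "",
  "CreateDate": "2019:03:04 10:21:33+01:00",
  "Title": "Quarterly report"
}]""")[0]

if __name__ == "__main__":
    import sys
    meta = read_metadata(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_METADATA
    for tag, value in audit(meta).items():
        print(f"{tag}: {value}")
    print("usernames:", usernames(meta))
    if len(sys.argv) > 2 and sys.argv[2] == "--strip":
        strip_metadata(sys.argv[1])
```

Running it over every document a dork such as `site:keepcoding.io filetype:pdf` turns up gives the same user-name and software inventory FOCA builds, which is exactly why those files should go through `strip_metadata()` before they are published.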