Defcon 17 Tactical Fingerprinting using Foca


Published on August 3, 2009

Author: chemai64



Talk delivered by Chema Alonso and José Palazón "Palako" at Defcon 17 about "Tactical Fingerprinting using metadata, hidden info and lost data".

Chema Alonso, José Palazón “Palako” Tactical Fingerprinting using metadata, hidden info and lost data using FOCA

2003 – a piece of history
The Iraq war was about to start.
The US wanted the UK to be an ally.
The US sent a document “proving” the existence of weapons of mass destruction.
Tony Blair presented the document to the UK Parliament.
Parliament asked Tony Blair: “Has someone modified the document?”
He answered: No.

2003 – MS Word bytes Tony Blair

What kind of data can be found?
Metadata: information stored to give information about the document. For example: creator, organization, etc.
Hidden information: information internally stored by programs and not editable. For example: template paths, printers, DB structure, etc.
Lost data: information which is in documents due to human mistakes or negligence, because it was not intended to be there. For example: links to internal servers, data hidden by format, etc.

[Diagram: Metadata lifecycle. Labels: metadata, hidden info, lost data; wrong management, bad format conversion, unsecure options; new apps or program versions; search engines, spiders, databases; embedded files.]

Metadata created by Google

Lost Data

Lost data everywhere

Public server

So… are people aware of this? The answer is NO. Almost nobody is cleaning documents. Companies publish thousands of documents without first cleaning them of: metadata, hidden info, lost data.

Sample: Total: 4841 files

Are they clean? Total: 1075 files

How many files is my company publishing?

Sample: Printer info found in odf files returned by Google

Google Sets prediction

Sample: Info found in a PDF file

What files store metadata, hidden info or lost data? Office documents: Open Office documents. MS Office documents. PDF documents. XMP. EPS documents. Graphic documents. EXIF. XMP. And almost everything…

Pictures with GPS info… EXIFREADER

Demo: Looking for EXIF information in ODF file

Even videos with users…

And of course, printed txt

What can be found?
Users: creators, modifiers, users in paths (C:\Documents and settings\jfoo\myfile, /home/johnnyf).
Operating systems.
Printers: local and remote.
Paths: local and remote.
Network info: shared printers, shared folders, ACLs.
Internal servers: NetBIOS name, domain name, IP address.
Database structures: table names, column names.
Devices info: mobiles, photo cameras.
Private info: personal data.
History of use.
Software versions.

How can metadata be extracted?
Info is in the file in raw format: binary or ASCII.
Therefore hex or ASCII editors can be used: HexEdit, Notepad++, BinText.
Special tools can be used: ExifReader, ExifTool, Libextractor, Metagoofil, …
…or just open the file!
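As an added example (not code from the talk or from FOCA), this pre-publication check opens an ODF file as the ZIP archive it is and reports the creator, generator, printer name and user names embedded in paths, the items the slides list. The sample archive, every value in it and the function names are constructed for this example; the sample's XML layout is simplified.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CONFIG_NS = "urn:oasis:names:tc:opendocument:xmlns:config:1.0"
# User names embedded in paths, in the two forms shown on the slide.
USER_PATH = re.compile(r"(?:[A-Za-z]:\\Documents and Settings\\|/home/)([\w.-]+)", re.I)
META_TAGS = {"creator", "initial-creator", "generator"}

def audit_odf(data: bytes) -> dict:
    """Report metadata, printer names and path-derived users in an ODF file."""
    found = {"metadata": {}, "printers": set(), "users_in_paths": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in ("meta.xml", "settings.xml"):
            if name not in z.namelist():
                continue
            raw = z.read(name)
            text = raw.decode("utf-8", "replace")
            found["users_in_paths"].update(USER_PATH.findall(text))
            # Stdlib XML parser: intended for your own files before publication.
            for el in ET.fromstring(raw).iter():
                tag = el.tag.rsplit("}", 1)[-1]  # drop the namespace prefix
                value = (el.text or "").strip()
                if tag in META_TAGS and value:
                    found["metadata"][tag] = value
                elif el.get(f"{{{CONFIG_NS}}}name") == "PrinterName" and value:
                    found["printers"].add(value)
    return found

def build_sample() -> bytes:
    """Constructed ODF-like archive with made-up values, for the demo only."""
    meta = ('<m xmlns:dc="http://purl.org/dc/elements/1.1/" '
            'xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0">'
            '<dc:creator>jfoo</dc:creator>'
            '<meta:generator>OpenOffice.org/3.1 (Win32)</meta:generator>'
            '<meta:template href="/home/johnnyf/tpl/report.ott"/></m>')
    settings = (f'<s xmlns:config="{CONFIG_NS}">'
                '<config:config-item config:name="PrinterName" config:type="string">'
                r'\\PRNSRV01\HP-Floor2</config:config-item>'
                '<config:config-item config:name="SavePath" config:type="string">'
                r'C:\Documents and Settings\jfoo\myfile.odt</config:config-item></s>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("meta.xml", meta)
        z.writestr("settings.xml", settings)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_odf(build_sample()))
```

Run it over documents queued for publication and treat any non-empty field as a reason to clean the file first.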

Tools: Libextractor

Tools: MetaGoofil
