Introduction ction

Who I am ? Roelof Temmingh ://www.paterva.com) Paterva (http://w va.com roelof@paterva.c

Foot printing 101

Four conversions or transforms: Domain to DNS Name MX/NS/Zone transfer/Brute DNS Name to IP address Just resolve IP address to Netblock Whois Netblock to AS core routers, web

Foot printing 102

Four more: AS to Netblock Robtex / Cymru Netblock to IP address(es) Just expand IP address to DNS name Reverse DNS, shared virtual hosts etc. DNS Name to Domain Simple..?

Foot printing 201

Six more transforms .via Whois

Foot printing !?

And six more using Search Engines, PGP etc.

Information foot printing

And so on and so forth

A container of tricks t

Almost every arrow repre epresents: ‡ Some kind of trick, cu algorithm k, cute ‡ Something to keep in mind p ‡ A bookmark or a friend frien You end up with loads of scripts / methods / apps s The need for a box of tric became evident f tricks

The need for a GUI or

Also : ‡ If A -> B -> C and X -> Y -> C, then X =~ C ‡ A -> B -> C -> A ‡ Keeping track of where we ve been Seeing this without a graph rep representation is almost impossible

Demo of M Maltego

What is information really?
Information or just data? Too much or too little? What are we really looking for? Humans are
Great at recognizing patterns Lousy at processing data

The challenge: The human friendly middle way

Managing Complexity
Data becomes relevant when links exist Hidden nodes, hidden links

ack

Walkthrough of a Tr Transform
1.

2.

3.

4.

5. 6.

7.

8.

Get entity from user Person Roelof Temmi mingh Get question on entity from user convert to email addres dress Expand question and add c dd confidence levels Roelof Temmingh, Rtem Rtemmingh, TemminghR etc. Ask the question to your da source r data search for it on search e rch engine* Get the answers utput Parse the answers for outp entities parse for email address [at/_at_/remove] resses Process the parsed entities ities confidence, frequency, correlation etc ncy, Show top N processed enti entities

In many cases it s a 1:1 relationship, so con confidence levels etc do not apply *more later

Challenges ges
Operational nal
‡ ‡ ‡ Not everyone gives their details out on the Internet (yet) Information on the Internet is not c ot clean there are no standards It s really hard/impossible to give co e context to the information

Technical l
‡ ‡ Some entity types are really hard to parse effectively rd ‡ Person ‡ Phone number Speed

Legal challeng llenges
‡ ‡ Information - the currency o many sites cy of They will give you the info, but on their terms: fo, ‡ see their ads ‡ submit your personal de al details Even APIs restricted to ‡ personal use ‡ limited queries Automated collecting/scrap is prohibited craping

‡

‡

Distributed transforms
No more transforms shipped with Maltego app Sea of public transform servers Other benefits Building a community of transform writers Anyone, any-how Simple interop (XML, HTTP) High scalability (bandwith, caching)

Maltego architecture arch
Transforms Internal network Internet

<xml/>

<html/> SQL

<xml/>

Transform application server (TAS)

Maltego client

<xml/>
Internal seed server

Seed servers

1

Service providers

TAS

Internal TAS

<xml/> <xml/> <html/> SQL
1) From Client to Seed server: XML over HTTP(s) 2) From Client to TAS: XML over HTTP(s) 3) From TAS to Service providers: Mixed All Communications are proxy-able

SQL

Internal Data

But it didn t go away

Moved from Google to Yahoo API Cut 32 transforms from public TAS !Social networks transforms Rapleaf, Spock
Not real time, not comprehensive

Yahoo API key limits

Legal challenge II enges
"Building a tool around scraping G ing Google sounds like a good way to make broken software - someone at Google Will you revive the API? - No Can I buy (pay per click) access so ss somehow? - No Will it help if I show your ads? - N ? No Will rate limiting my requests be helpful? No s "It's the users who lose out when Web companies decide to hen crack down on popular scrape rapers" - Reid Hoffman, CEO of LinkedIn dIn Bottom line Any amount of tech technical cleverness, thinking and experimenting just won t help You can t do it because I help. said so .

Making imaginary virtual friends

Exploiting ting
Quantifiable results: ‡ Counters ‡ Ratings (it s just SO web 2.0) r user ‡ # of users (what if 75% of your us are bots) k about it This is really click fraud if you think ab t worked for interactive sessions!): But also more fuzzy results (hey it wo n an ‡ Positive/negative comments on a article/blog sting ‡ Opinions in an article, blog postin ‡ Tags ‡ IM status lines ferent The players here have a vastly differe skill set than what we have. Web ty and 2.0 (urghhh) is the vulnerability an the content is the payload.

More human than human han
If you can convince an algorithm that you are human, can you convince a human that you are hu e human? Consider CyberLover, a Russian chat b at bot communicating with users over IRC thus, in real time and in nd interactive: Among CyberLover's creepy features is its ability to offer a range of res different profiles from "romantic l tic lover" to "sexual predator." It can also lead victims to a "personal" W site, which could be used to al" Web deliver malware, PC Tools said. . We ve collected all this nice info with Maltego, what can we do with ith it?

Peer pressur ssure

So what can we do with it? ‡ Manipulate ratings of any f anything ‡ Sway public opinion ‡ Influence political polls lls ‡ Alter stock prices direct or indirectly irectly ‡ Perform social denial of s l service Keep in mind that people are flock animals you just need e to be the initial catalyst a get critical mass yst and

Things to pond onder...
Making the application do so o something it shouldn t do vs. Using the effects of using the appli pplication for interesting purposes Some applications just shouldn t h n have been built: ‡ Bank giving their users free email e em ‡ Sending proof of payment via email ‡ School friends The (perfect normal use) of the ap e application leads to vulnerability Speed of technica assessment nical vs. Speed of assessin the effects ssing

Conclusion sion

Have we hacked anything actually ? You know you screwed up when you w ou want to go back and try to undo/regulate/un-invent what yo ve done: t you
‡ ‡ ‡ ‡

The atom bomb Chemical warfare Cigarettes Facebook

Sign up to vote on this title
UsefulNot useful