Académique Documents
Professionnel Documents
Culture Documents
ndice
Introduccin:
Fear the FOCA!.........................................................................................11
Captulo I.
Los metadatos .............................................................................................15
1. Metadatos, informacin oculta y datos perdidos....................................................16
0HWDGDWRVHQGRFXPHQWRVRPiWLFRV ......................................................................18
0HWDGDWRVHQ0LFURVRIW2IFH.................................................................................................. 18
Datos del usuario ................................................................................................................... 19
Propiedades del documento ................................................................................................... 20
Ficheros incrustados .............................................................................................................. 20
'HVYLQFXODGRGHFKHURVJUiFRVLQFUXVWDGRV ...................................................................... 22
5HYLVLRQHV\PRGLFDFLRQHV.................................................................................................. 23
Notas, Encabezados y Pies de pginas .................................................................................. 23
,QIRUPDFLyQRFXOWDSRUIRUPDWR ............................................................................................. 24
2WURVOXJDUHVGRQGHVHDOPDFHQDODLQIRUPDFLyQ .................................................................. 24
,QIRUPDFLyQRFXOWD ................................................................................................................. 25
Conexiones a bases de datos .................................................................................................. 25
Impresoras.............................................................................................................................. 26
0HWDGDWRVHQ2SHQ2IFH.......................................................................................................... 28
Datos personales .................................................................................................................... 29
Impresoras.............................................................................................................................. 30
Plantillas ................................................................................................................................ 31
Documentos vinculados e incrustados ................................................................................... 32
0RGLFDFLRQHV ....................................................................................................................... 34
3iUUDIRVRFXOWRV ..................................................................................................................... 35
Notas, Encabezados, Pies, Comentarios... ............................................................................. 36
Metadatos personalizados ......................................................................................................... 36
Bases de datos ........................................................................................................................ 37
Versiones de documentos ....................................................................................................... 38
Metadatos en Apple iWork ........................................................................................................ 39
JJJ
(OFKHUR%XLOG9HUVLRQ+LVWRU\SOLVW ...................................................................................... 40
Vista previa en la carpeta QuickLook: Preview.PDF y Thumbnail.jpg ................................. 41
Carpeta thumbs y archivos incrustados ................................................................................. 42
(OSHUOGHFRORU\ORVGRFXPHQWRVJUiFRV .......................................................................... 42
Archivos con extensin chrtshr ............................................................................................. 43
Los archivos maestros: Index.XML e Index.apxl .................................................................. 43
2EMHWR0HGDWDGD .................................................................................................................... 44
,QIRUPDFLyQ2FXOWD ................................................................................................................ 45
Rutas locales en atributos path .............................................................................................. 45
9HUVLRQHV\IHFKDVGHOGRFXPHQWR ......................................................................................... 45
,QIRUPDFLyQGHLPSUHVRUDV .................................................................................................... 46
Versin del sistema operativo ................................................................................................ 46
Control de Cambios ............................................................................................................... 47
Las pistas en los documentos Apple iWork ........................................................................... 47
0HWDGDWRVHQRWURVDUFKLYRVGH062IFH ............................................................................... 48
Archivos de autorecuperacin ............................................................................................... 48
2WURVIRUPDWRVGHGRFXPHQWRVHQ0LFURVRIW([FHO .............................................................. 49
0HWDGDWRVHQIRUPDWRV3RVWVFULSW\3') .................................................................................. 51
(XML) Forms Data Format ................................................................................................... 52
Captulo II.
Anlisis y limpieza de metadatos ..............................................................55
1. Anlisis de metadatos con FOCA .............................................................................55
0HWDGDWRVFRPRSDUWHGHXQDLQYHVWLJDFLyQIRUHQVH................................................................. 60
(OLQIRUPH%ODLU ..................................................................................................................... 60
/RFDOL]DFLyQGHXQGHIDFHU .................................................................................................... 61
Seguimiento de movimientos ................................................................................................ 63
3LUDWHUtDGHVRIWZDUH .............................................................................................................. 65
(OLPLQDFLyQGHPHWDGDWRVGHIRUPDPDQXDO ............................................................................. 83
'RFXPHQWRV0LFURVRIW2IFH ............................................................................................... 83
0LFURVRIW2IFHSDUD0DF..................................................................................................... 84
'RFXPHQWRV2SHQ2IFH ....................................................................................................... 85
Eliminacin de metadatos en imgenes .................................................................................... 87
JJJ
ndice
(OLPLQDFLyQGHPHWDGDWRVGHIRUPDDXWRPiWLFD ....................................................................... 88
MetaShield Protector ............................................................................................................. 88
0HWD6KLHOG3URWHFWRUIRU,,6\0HWD6KLHOG3URWHFWRUIRU6KDUH3RLQW ................................... 89
0HWD6KLHOG3URWHFWRUIRU&OLHQW ............................................................................................. 94
0DQLSXODQGRPHWDGDWRVSDUDHQJDxDUDOD)2&$ ................................................................. 95
)XJDGHLQIRUPDFLyQHQHPSUHVDVOtGHUHVHQ'DWD/RVV3UHYHQWLRQ ......................................... 97
Captulo III
Descubrimiento de la red.........................................................................101
1. Opciones de descubrimiento de red .......................................................................102
WebSearcher: Localizacin de URLs en buscadores de Internet ........................................... 102
DNS ......................................................................................................................................... 104
$QiOLVLVGHO'16FRQ'LFFLRQDULR\7UDQVIHUHQFLDVGH=RQD ............................................. 106
DNS Prediction ........................................................................................................................111
Bing IP..................................................................................................................................... 112
PTR Scanning.......................................................................................................................... 113
Shodan .................................................................................................................................... 115
Descubrimiento de la red mediante angentes SNMP........................................................... 117
Robtex ..................................................................................................................................... 119
&HUWLFDGRVGLJLWDOHV ............................................................................................................... 121
Google Slash Trick .................................................................................................................. 124
2SFLRQHVGHQJHUSULQWLQJ .....................................................................................125
Fingerprinting con banners y mensajes de error .................................................................. 126
Fingerprinting de versiones en servidores DNS .................................................................. 127
&RQJXUDFLyQGHRSFLRQHVGHQJHUSULQWLQJ ....................................................................... 128
Captulo IV
Bsqueda de Vulnerabilidades ................................................................133
1. Tipos de vulnerabilidades analizadas por FOCA .................................................133
Backups ................................................................................................................................... 133
Listado de directorios .............................................................................................................. 135
%~VTXHGDGHPDOZDUH\%ODFN6(2FRQSDWURQHVGH'LUHFWRU\/LVWLQJ .............................. 136
DNS Cache Snooping ............................................................................................................. 137
Escenarios de ataque aprovechando DNS Cache Snooping ................................................ 140
Ficheros .DS_Store ................................................................................................................. 142
%XJ3+3&*,&RGH([HFXWLRQ ............................................................................................... 144
0pWRGRV+773LQVHJXURV........................................................................................................ 146
Subida de WebShells con mtodos PUT.............................................................................. 148
JJJ
Captulo V.
Plugins, informes y otros trucos. ............................................................173
1. Funciones avanzadas de FOCA..............................................................................174
JJJ
ndice
Captulo VI
Cmo crear plugins para FOCA ............................................................209
1. Creacin de un plugin bsico ................................................................................209
Creacin del proyecto para el plugin en Visual Studio ........................................................... 210
&UHDFLyQLQLFLDOGHOSOXJLQH,QWHJUDFLyQGHOD$3,GH)2&$ ................................................ 211
'HVDUROORGHODIXQFLRQDOLGDGGHOSOXJLQ ................................................................................ 212
3. Final ..........................................................................................................................223
JJJ