Pac4Mac (Plug And Check for Mac OS X)

StateX
« on: May 07, 2015, 06:47:06 am »
Hi everyone,

I don't know whether you are already using this tool, but I find it so complete that I'm going to share it.

Pac4Mac is a tool for extracting and analyzing information from a Mac OS X system (in other words, for doing proper forensics on it :) ). Also, it is released under the Apache License 2.0.

Here are Pac4Mac's features:

•   Developed in Python 2.x (natively supported)
•   Framework usage
•   Support of OS X 10.6, 10.7, 10.8 and 10.9 (not tested)

Data extraction through:

•   User or Root access
•   Single Mode access
•   Target Mode access (Storage media by Firewire or Thunderbolt)

It uses 3 dumping modes: Quick, Forensics, Advanced:

•   Dumping Users / User Admin
•   Dumping Mac's Identity (os version, owner)
•   Dumping Miscellaneous files (Address book, Trash, Bash history, stickies, LSQuarantine, AddressBook, Safari Webpage Preview, Office Auto Recovery, WiFi access history, …)
•   Dumping content of current Keychain (security cmd + securityd process)
•   Dumping Users Keychains
•   Dumping System Keychains
•   Dumping password Hashes
•   Live Cracking hashes passwords
•   Dumping Browser Cookies (Safari, Chrome, Firefox, Opera)
•   Dumping Browser Places (Safari, Chrome, Firefox, Opera)
•   Dumping Browser Downloads history (Safari, Chrome, Firefox, Opera)
•   Dumping printed files
•   Dumping iOS files backups
•   Dumping Calendar and Reminders / Displaying secrets
•   Dumping Skype messages / Displaying secrets on demand
•   Dumping iChat, Messages(.app), Adium messages
•   Dumping Emails content (only text)
•   Dumping Emails content of all or special Mail Boxes
•   Adding root user
•   Dumping RAM
•   Cloning local Disk
•   Dumping system logs, install, audit, firewall

DMA access features (exploitation of Firewire and Thunderbolt interfaces)

•   Unlock or bypass in writing into RAM
•   Dumping RAM content
•   Exploit extracted data (see Analysis module)

Analysis module in order to easily exploit extracted data by one of dumping modes

•   Exploit Browser History x 4 (Displaying recordings, Local copy for usurpation)
•   Exploit Browser Cookies x 4 (Displaying recordings, Local copy for usurpation)
•   Display Browser Downloads x 4 (Displaying recordings)
•   Exploit Skype Messages (Displaying/Recording all recorded messages, with secret information or containing a special keyword)
•   Exploit iChat, Messages(.app), Adium messages (in the next version)
•   Exploit Calendar Cache (Display/Recording all recorded entries, with secret information or containing a special keyword)
•   Exploit Email Messages (Displaying/Recording all recorded messages, with secret information or containing a special keyword)
•   Exploit RAM memory Dump (Searching Apple system/applications/Web Passwords)
•   Exploit Keychains (Display content Keychain, Crack Keychain files)
•   Crack Hashes passwords
•   Exploit iOS files (Accessing to iPhone without passcode, reading secrets through iTunes backups)
•   Display Stickies Widgets
•   Display Printed Documents
•   Display prospective passwords (displaying all found passwords during dump and analysis phases)

Etc.

And a small gift for those of you who have read the whole post: here are all the TIPS that were used to extract and analyze the information for this tool.

I hope you like it as much as I do.

Regards,

Albert.

 
