Pac4Mac (Plug And Check for Mac OS X)

Iniciado por StateX, Mayo 07, 2015, 06:47:06 AM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

Hola a todos,

No se si ya estáis usando esta herramienta pero a mi me parece tan completa que la voy a compartir.

Pac4Mac es una herramienta para extraer y analizar información de un MAC OS X (vamos para hacerle un forense en condiciones :) ) Ademas, esta bajo una Apache License 2.0.


Os dejo con las features de Pac4Mac :

•   Developed in Python 2.x (natively supported)
•   Framework usage
•   Support of OS X 10.6, 10.7, 10.8 and 10.9 (not tested)

Data extraction through:

•   User or Root access
•   Single Mode access
•   Target Mode access (Storage media by Firewire or Thunderbolt)

It use 3 dumping modes : Quick, Forensics, Advanced:

•   Dumping Users / User Admin

•   Dumping  Mac's Identity (os version, owner)

•   Dumping  Miscellaneous files (Address book, Trash, Bash history, stickies, LSQuarantine, AddressBook, Safari Webpage Preview, Office Auto Recovery, WiFI access history, ...)
•   Dumping content of current Keychain (security cmd + securityd process)
•   Dumping Users Keychains

•   Dumping System Keychains

•   Dumping password Hashes

•   Live Cracking hashes password
s
•   Dumping Browser Cookies (Safari, Chrome, Firefox, Opera)

•   Dumping Browser Places (Safari, Chrome, Firefox, Opera)

•   Dumping Browser Downloads history (Safari, Chrome, Firefox, Opera)

•   Dumping printed files

•   Dumping iOS files backups

•   Dumping Calendar and Reminders / Displaying secrets
•   Dumping Skype messages / Displaying secrets on demand
•   Dumping iChat, Messages(.app), Adium messages
•   Dumping Emails content (only text)

•   Dumping Emails content of all or special Mail Boxes
•   Adding root user
•   Dumping RAM
•   Cloning local Disk
•   Dumping system logs, install, audit, firewall

DMA access features (exploitation of Firewire and Thunderbolt interfaces)

•   Unlock or bypass in writring into RAM
•   Dumping RAM content
•   Exploit extracted data (see Analysis module)

Analysis module in order to easily exploit extracted data by one of dumping modes

•   Exploit Browser History
 x 4 (Displaying recordings, Local copy for usurpation)
•   Exploit Browser Cookies
 x 4 (Displaying recordings, Local copy for usurpation)
•   Display Browser Downloads
 x 4 (Displaying recordings)
•   Exploit Skype Messages
 (Displaying/Recording all recorded messages, with secret information or containing a special keyword)
•   Exploit iChat, Messages(.app), Adium messages (in the next version)
•   Exploit Calendar Cache
 (Display/Recording all recorded entries, with secret information or containing a special keyword)
•   Exploit Email Messages (Displaying/Recording all recorded messages, with secret information or containing a special keyword / )
•   Exploit RAM memory Dump
 (Searching Apple system/applications/Web Passwords)
•   Exploit Keychains
 (Display content Keychain
, Crack Keychain files)
•   Crack Hashes passwords

•   Exploit iOS files
 (Accessing to iPhone without passcode, reading secrets through iTunes backups)
•   Display Stickies Widgets

•   Display Printed Documents
•   Display prospective passwords 
(displaying all found passwords during dump and analysis phases)

Etc.

Más Información:


Código fuente:


Y un pequeño regalo para los que hayáis llegado a leer todo el post, aqui teneis todos los TIPS que se han utilizado para extraer y analizar la información para esta herramienta:


Espero que os guste tanto como a mi.

Un saludo.

Albert.