Documents
Web Forum Exploitation Using XKS
Jul. 1 2015 — 9:52 a.m.

Web Forum Exploitation
using XKEYSCRE
5217
July 2009

What forum data do we
_ _have in
I FISA full takei< for U.S. web forum
servers under FISA coverage
I Passive collection for OCONUS web
forum server traffic
I Passive collection for individual forum
users located OCONUS

Content
- Posts and private messages
When FISA is available PINWALE is best
for content (large amount of
traffic)
Time sensitive threats XKEYSCORE may
be faster

All posts/ threads on one
forum
I HTTP Activity query form
- Fingerprints:
maiI/WebmaiI/vbulletin/post*
- IP address (either): web forum server
IP

All Private Messages for a
Forum
I HTTP Activity query form
- Fingerprints:
- IP address (either): web forum server
IP

SysAdmin Activity
I CPanek
All web forum IP addresses
AND
Ports for CPaneI (2082 or 2083 or 2086 or 2087)
- AdminCP:
All web forum IP addresses
AND
- Application Info - *adminCp*

Applications Used on
Forums
I Example: all forum users with MS V2.0
private messages:
And