Last month I put some of tutorial on Information gathering which
is first step of penetration testing ,
& today we will go ahead in this series . As you know Backtrack has all
tools for penetration testing , but this tool is not come with backtrack ; It`s
very powerful tool for information
gathering and its name is FOCA (Fingerprinting Organizations with Collected Archieves).
It is windows based tool ; you can
install it in linux with help of wine. But i used it in windows , you can find here “how to install foca inbacktrack?”
What kind of data can be found?
•Metadata:
–Information stored to give information about the document.
•For example: Creator, Organization, etc..
•Hidden information:
–Information internally stored by programs and not editable.
•For example: Template paths, Printers, db structure, etc…
•Lost data:
–Information which is in documents due to human mistakes or negligence,
because it was not intended to be there.
•For example: Links to internal servers, data hidden by format, etc…
Download:-
(1)Go to official website here.
(2)Enter your valid email address at end of page & you will receive
email which contain Download link.
(3)Install Foca by running setup.
Sample Example of FOCA:-
(1)Open foca click on create new project.
(2)Enter project name & domain name & click on create.
(3)On right side you can see different file types which will be
searching in given domain. Select which file type you want to search & click on search.
(4)As you can see in above image ; it will find different files from
domain using google & bing search engine.
(5)Then right click on file & download it &then again right
click on file & extract metadata from file.
(6)On left side click on metadata summary ;there you can find different
information which are extracted from document like username ;software; creation
date ;modification date.
It can also find different DNS of related domain & server details.
(7)It can also find some juicy info ; known vulnerability; backup;
directory listing ; sqli ; svn; GHDB and much more.
It`s just simple tutorial.So download it & enjoy it &
gather some critical information. J
1 comment:
Thank admin
Post a Comment