WHAT'S NEW?
Loading...

Information Gathering Using FOCA

Last month I put some of tutorial on Information gathering which is first step of penetration testing  , & today we will go ahead in this series . As you know Backtrack has all tools for penetration testing , but this tool is not come with backtrack ; It`s very powerful  tool for information gathering and its name is FOCA (Fingerprinting Organizations with Collected Ar�chieves). It is windows based  tool ; you can install it in linux with help of wine. But i used it in windows  , you can find here �how to install foca inbacktrack?


What kind of data can be found? 

�Metadata:
�Information stored to give information about the document.
�For example: Creator, Organization, etc..
�Hidden information:
�Information internally stored by programs and not editable.
�For example: Template paths, Printers, db structure, etc�
�Lost data:
�Information which is in documents due to human mistakes or negligence, because it was not intended to be there.
�For example: Links to internal servers, data hidden by format, etc�

Download:-

(1)Go to official website here.
(2)Enter your valid email address at end of page & you will receive email which contain Download link.
(3)Install Foca by running setup.

Sample Example of FOCA:-

(1)Open foca click on create new project.
(2)Enter project name & domain name & click on create.


(3)On right side you can see different file types which will be searching in given domain. Select which file type you want to search &  click on search.

(4)As you can see in above image ; it will find different files from domain using google & bing search engine.


(5)Then right click on file & download it &then again right click on file & extract metadata from file.

(6)On left side click on metadata summary ;there you can find different information which are extracted from document like username ;software; creation date ;modification date.
It can also find different DNS of related domain & server details.

(7)It can also find some juicy info ; known vulnerability; backup; directory listing ; sqli ; svn; GHDB and much more.

It`s just simple tutorial.So download it & enjoy it & gather some critical information. J

0 nhận xét:

Đăng nhận xét