Metagoofil makes metadata extraction easy

Metagoofil is an information gathering tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a given target or victim website. The tool performs a Google search to identify the documents, downloads them to local disk, and then extracts the metadata with libraries such as Hachoir, PdfMiner and others. From the results it generates a report with usernames, software versions and server or machine names that will help penetration testers in the information-gathering phase. Metadata serves five purposes: resource description; information retrieval; management of information; rights management, ownership and …

Homebrew and not the beer kind

Recently I had a need to install wget and Python on OS X Mavericks, and anyone running a Mac can understand the pain point with installers outside of the Apple App Store. Before anyone starts asking the question, why not use curl? That is like asking why not use Microsoft Windows? Now, I am not bashing Windows, because I use this operating system depending upon my needs and the task at hand. As a side note, it is possible to use Xcode and curl to compile and install wget, but why work harder rather than smarter? If you wish to take …

TrueCrypt goes dark

Today was an interesting day in terms of security within the encryption community. The developers of TrueCrypt have made the following statement: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” It is not clear exactly what is driving this decision, and one can only guess at this point unless the development team comes out and conclusively comments on what the driving factor was. What makes this even more interesting, at least from my perspective, is the fact that a security audit was just completed in April 2014. At that time, the phase 1 audit did not …

20 introductory Nmap command examples for the technology professional

I’m not going to attempt to cover what Nmap is and what it can do. Rather, the author states: Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of …

Hacking 103: Attacking Servers And Services With Hydra

Now that I have covered Hacking 101: Footprinting Using Nothing But A Web Browser and Hacking 102: Active Footprinting With Nmap, it is time to move into a physical attack upon the servers and services that we have found in the course of investigation. There are a number of tools available in Kali Linux, which include Medusa and Ncrack, but for the purposes of this article we will be using Hydra, which is a very fast network logon cracker which supports many different services. In this article we will take a look at the following attacks which are FTP and …

Hacking 102: Active Footprinting With Nmap

This article is a follow-up to Hacking 101: Footprinting Using Nothing But A Web Browser, which served as an introduction to passive footprinting. There are a number of tools that you can use on both Windows and Linux platforms, and I prefer to use the BackTrack Linux distro for penetration testers; more specifically, I will be using Kali Linux. If Linux is not your cup of tea, then you can give the following tools a look and pick and choose what you need. Wireshark, which is an open source multi-platform network protocol analyzer. It allows you to examine data from a …
