Hacking Software – FOCA

Software: FOCA

Description: FOCA (Fingerprinting Organizations with Collected Archives) is a Windows only forensic tool used to extract and analyze metadata from common file types. Metadata is basically descriptive information about data. For example, if you created a Word file in Microsoft Word, Microsoft Word would automatically include metadata in your Word file that would give out information like – when the file was created, using what program, what operating system was used to run the program, the username of the person creating the file, etc.. FOCA can extract this type of meta data from most common file types and analyze it, spitting back a report of very valuable information that can aid hackers during penetration tests.

Screenshot:












Features:

• Extracts metadata from Open Office, MS Office, PDF, EPS and Graphic documents.
• Uses Google, Bing and Exalead to find and examine the following file types on a target website – doc, ppt, pps, xls, docx, pptx, ppsx, xlsx, sxw, sxc, sxi, odt, ods, odg, odp, pdf, wpd, svg, svgz, indd, rdp , and ica.
• From the extracted metadata, FOCA can find information on users, folders, printers, software, emails ,operating systems, passwords, servers and more.
• Network Discovery
• Fingerprinting
• DNS Cache Snooping – discover what websites the internal users of a network are browsing on.
• Exports data into a Report

Download: Click here and enter your email on the bottom of the page to receive a download link.
 

Password Cracking – Part 5 – Dictionary Attack

What is a dictionary attack?

A dictionary attack is password attack where every word from the dictionary is attempted against a password hash. Good dictionary attacks use wordlists with dictionaries of other languages (depending on the target), the most commonly used passwords (many of which aren’t words in the dictionary), and order the wordlists with the most commonly used passwords on top to save cracking time.

For those of you who are visual learners, a dictionary attack is like approaching a woman or man using a pickup line from a list in you pocket, being shot down and kicked in the face, trying again, being shot down and smacked in the face, until finally one of the pickups on your list work and you have yourself a date.

When should you I use a dictionary attack?

When performing a password cracking attack, dictionary attacks usually are, and should be the first attack type used. Why? Because most people create shitty passwords due to the “huge” effort it takes to remember and type in a bit longer and more complex password. Due to this laziness factor, dictionary attacks can usually crack a good percentage of the hashes they are run against. Dictionary attacks are also the first and many times the only type of attack used in online attacks. This is because, as you’ve learned before, online attacks can be very slow and noisy.