Information Security

Backtrack 4: Information Gathering: Archive: Metagoofil – Extract metadata from public documents

One good thing about writing articles on tools is you get to test out lots of different stuff you may not have normally used. One of these tools for me was Metagoofil. Metagoofil is a tool for written in Python for extracting the metadata from public documents (pdf,doc,xls,ppt) available in the target websites. This information could be useful because you can get valid usernames, or people names, for using later in brute force password attacks (vpn, ftp, webapps etc.). The tool first queries Google for different filetypes that can have useful metadata (pdf, doc, xls,ppt,etc), then it downloads those documents to the disk and run the program “extract” on every file. It will generate a HTML page with the results of the metadata extracted, plus a list of potential usernames.

Technology Errors

Error: failure: srvadmin-meta/srvadmin-all-6.2.0-1.5.el5.i386.rpm from dell-omsa-specific: [Errno 256] No more mirrors to try.

I installed some packages today for a client that uses a third party collocation provider to manage the hardware aspects of their servers. We handle all of the software installations and day to day management of the servers but this other company replaces hard drives and any other hardware that is necessary. Anyhow the third party collocation provider noticed one of the hard drives in a server with RAID 5 had gone down so today they did some troubleshooting and then requested that we install some software so they could manage the hardware in real time in the future. The software they wanted us to install were all OpenManage Server Administrator packages provided from a Dell repository called the Dell OMSA Repository. I ran into a couple minor issues along the way including the error noted below.