Video and Lab - Information Gathering Using Metagoofil

Ethical Hacking - A Hands-On Approach to Ethical Hacking Gathering Information - Open-source intelligence (OSINT)
7 minutes
Share the link to this page
You need to have access to the item to view this lesson.
One-time Fee
List Price:  $139.99
You save:  $40
List Price:  €128.68
You save:  €36.77
List Price:  £109.54
You save:  £31.30
List Price:  CA$190.78
You save:  CA$54.51
List Price:  A$210.13
You save:  A$60.04
List Price:  S$188.67
You save:  S$53.91
List Price:  HK$1,093.43
You save:  HK$312.43
CHF 91.06
List Price:  CHF 127.49
You save:  CHF 36.43
NOK kr1,048.21
List Price:  NOK kr1,467.54
You save:  NOK kr419.32
DKK kr685.84
List Price:  DKK kr960.21
You save:  DKK kr274.36
List Price:  NZ$227.27
You save:  NZ$64.94
List Price:  د.إ514.17
You save:  د.إ146.91
List Price:  ৳16,424.23
You save:  ৳4,692.97
List Price:  ₹11,645.13
You save:  ₹3,327.42
List Price:  RM657.08
You save:  RM187.75
List Price:  ₦207,529.57
You save:  ₦59,298.40
List Price:  ₨38,952.22
You save:  ₨11,130
List Price:  ฿5,128.60
You save:  ฿1,465.42
List Price:  ₺4,505.02
You save:  ₺1,287.24
List Price:  B$724.25
You save:  B$206.94
List Price:  R2,573.66
You save:  R735.38
List Price:  Лв251.69
You save:  Лв71.91
List Price:  ₩190,221.90
You save:  ₩54,352.99
List Price:  ₪514.66
You save:  ₪147.05
List Price:  ₱8,117.95
You save:  ₱2,319.58
List Price:  ¥21,959.69
You save:  ¥6,274.64
List Price:  MX$2,335.27
You save:  MX$667.26
List Price:  QR510.23
You save:  QR145.79
List Price:  P1,900.42
You save:  P543.01
List Price:  KSh18,548.67
You save:  KSh5,300
List Price:  E£6,650.92
You save:  E£1,900.40
List Price:  ብር7,982.28
You save:  ብር2,280.81
List Price:  Kz119,249.08
You save:  Kz34,073.60
List Price:  CLP$126,219.94
You save:  CLP$36,065.41
List Price:  CN¥995.23
You save:  CN¥284.37
List Price:  RD$8,242.58
You save:  RD$2,355.19
List Price:  DA18,832.24
You save:  DA5,381.02
List Price:  FJ$311.92
You save:  FJ$89.12
List Price:  Q1,087.21
You save:  Q310.65
List Price:  GY$29,298.72
You save:  GY$8,371.66
ISK kr13,742.62
List Price:  ISK kr19,240.22
You save:  ISK kr5,497.60
List Price:  DH1,389.84
You save:  DH397.12
List Price:  L2,479.24
You save:  L708.40
List Price:  ден7,928.70
You save:  ден2,265.50
List Price:  MOP$1,125.76
You save:  MOP$321.67
List Price:  N$2,570.81
You save:  N$734.57
List Price:  C$5,151.79
You save:  C$1,472.04
List Price:  रु18,606.57
You save:  रु5,316.54
List Price:  S/523.93
You save:  S/149.70
List Price:  K544.26
You save:  K155.51
List Price:  SAR525.04
You save:  SAR150.02
List Price:  ZK3,747.57
You save:  ZK1,070.81
List Price:  L640.31
You save:  L182.96
List Price:  Kč3,172.88
You save:  Kč906.60
List Price:  Ft49,368.78
You save:  Ft14,106.37
SEK kr1,053.51
List Price:  SEK kr1,474.96
You save:  SEK kr421.44
List Price:  ARS$125,081.06
You save:  ARS$35,740
List Price:  Bs967.13
You save:  Bs276.34
List Price:  COP$541,644.74
You save:  COP$154,766.69
List Price:  ₡71,976.06
You save:  ₡20,566.05
List Price:  L3,458.74
You save:  L988.28
List Price:  ₲1,052,935.89
You save:  ₲300,860.31
List Price:  $U5,389.29
You save:  $U1,539.90
List Price:  zł547.24
You save:  zł156.36
Already have an account? Log In


Greetings in initial video presentation, we're going to see how we go about extracting metadata using meta Goldfield. Meta gu Phil is an information gathering tool designed for extracting metadata from public doc. The type of documents includes PDF docs, Excel files, PowerPoints, and other document types. metadata is information that is stored within the file that is not usually visible to the normal user. But it can be extracted, and it can provide some very interesting information about our target. That information can include a list of known users, email addresses, software types, and document locations.

Medical fields should be installed on your installation of Cali but if it's not, it's just a simple download using the apt get command. I'm going to go ahead and demonstrate how to download and install Magoo Pil. What I'm going to do is I'm just going to type into the command prompt here, app dash get space install space Magoo fill, I'm going to hit Enter, and it just comes back letting me know that the package is already found. Once meta goo fill is installed, you can go ahead and see the options that are available with it by just typing in meta goo fill at the terminal prompt. Now, it's important that you read everything about these options because we'll be using most of them. Also, in the examples, there is a meta goo filled dot p y command that is no longer applicable.

So you can drop off if you wanted to run the example, you could do so but you wouldn't be able to do it with after meta goo Phil. Using the example that we have been provided, we can cross reference these switches underneath the options that are currently presented to us up on the terminal. For instance, the dash D that is The domain we wish to search and the example is talking about dash D space Apple comm now the dash T is the file types we want to search for. So we type in dash T, we're looking for two file types in the example, doc and PDF. We also looking at the number of searches to limit the search to in this case, we're limiting the search to 200 on the next option, the dash and we're saying we only want to download 50 documents or 50 of the results.

Now the dash O that is the location where the results or the files will be downloaded. And the dash f that is the results dot html file that will be generated for us underneath the home directory. We're now ready to use medical field to conduct a metadata search on IBM COMM And I told it that I want to look for document types, both doc and PDF, I want to limit my search to 200. I want to download only 50 documents. I'm also telling it that I want you to save those documents to a folder on my desktop called meta goofy. I then want you to generate me a results file called results dot html, which will be located up inside of my home directory.

We're now ready to proceed. And I'm just going to go ahead and hit enter. This search will take some time because I BM does have a lot of information that is publicly available. You have to be patient with the search. So it's going to be downloading 50 documents, you can see that we're on number 12. Again, those documents are going to end up over here inside of my folder on the desktop called manigault fill.

It needs to be pointed out that not only research with meta goo Phil is going to be successful. There are a lot of domains out there where you cannot find out anything about them. And so you will not be able to download any documents and when you go to the results dot html file, you'll find that it will be empty. Now it's important that you read everything that pops up on this terminal, because it's a lot of good information. In this search, we found 123 files, of which we're going to download 50 of that 5025 will be docs, and the other 25 will be PDFs. Now the results are going to include hopefully, some email addresses that could possibly be used in something like a phishing attack.

These are email addresses that may be important could be the CEO of the organization or someone higher up that would allow us to make friends with and then send him a drive by download and have him open up the backdoor for us with some malware. And then we can come in and have the run of the network. So the search results are all being given to us up here on the terminal. But, but for brevity sake, if we go over here to the File Explorer, open this up, and we go into our home directory, which is the default location we get when we open up the file explorer, you'll see that we have a results dot html document, you can open up this document, and everything is going to be presented to us in a real nice format. For instance, we gathered 37 usernames, we gathered information about 35 different pieces of software.

We gathered seven emails, and we found the past to 12 different servers. So all that information is presented to you in here. Now if this was an actual target for something criminal, such as a bank, or a government agency, and we got these kind of results, it would be very beneficial for us and such a way that we might be able to organize and launch a very successful attack. We have 37 usernames that belong to this target. If we were to use some of our other, our open source intelligence tools, we might be able to find out some information about those 37 users such as their job, their title, where they work, what's their hobbies, our Facebook account, Twitter accounts, things like that, that we can use to help us build this attack scenario. So remember, to beat the hacker you got to think like the hacker.

If you're pen testing an organization and you come up with enough information, that organization may be at risk, just by the publicly available information that they have posted to the internet. If you'd like to continue on and practice gathering some information about certain domains, go ahead and delete your results dot html and move it over to the trash you don't need that. And you can also get rid of that folder up on the desktop and meta goo Phil will generate you a new one. That concludes this short video presentation on how we go about gathering information and extracting metadata using meta gu Phil. If you have any questions or concerns about this lab or the contents of this video, please do not hesitate to reach out and contact your instructor and I'll see you in my next video.

Sign Up


Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.