Penetration Testing Lab

Offensive Techniques & Methodologies

Posted on February 20, 2013

Extracting Metadata From Files

Penetration testers must be able to think outside the box and use whatever method is necessary to discover information about their targets. Malicious attackers will not stop at conventional tactics, and the same should apply to the penetration tester. Many organizations upload Word documents and Excel files to their websites without being aware that they expose sensitive information. This information is hidden in the metadata of the files. In application assessments (web or mobile) it is also good practice to check the metadata, in addition to the common vulnerabilities, to see whether this information can be used in a malicious way. In this article we will examine some of the tools that we can use for metadata extraction and what kind of information they can unveil.

Exiftool

One of the tools that can extract metadata is exiftool. This tool is included in the BackTrack distribution and can extract information from various file types such as DOC, XLS, PPT, PNG and JPEG. Typically, the information that we would look for is:

  • Title
  • Subject
  • Author
  • Comments
  • Software
  • Company
  • Manager
  • Hyperlinks
  • Current User

Below is the information that we have obtained from an image and the metadata from a doc file.

Extracting metadata of an image – exiftool
Metadata of a doc file
Metadata of a doc file 2

FOCA

FOCA is another great tool for analyzing metadata in documents. It is a GUI-based tool, which makes the process a lot easier. The only thing that we have to do is specify the domain that we want to search for files and the file type (doc, xls, pdf), and FOCA will perform the job for us. Below you can see a screenshot of the metadata that we have extracted from a doc file. As you can see, we have obtained a username, an internal path and the operating system on which the file was created.

FOCA – Metadata

Conclusion

As we have seen in this article, metadata can unveil important information which can be used in conjunction with other attacks. Companies should be aware of this exposure of information in their documents, and before they upload something to the public domain they must first use the appropriate tools to remove the metadata from their files and mitigate the risk.
