Skip to content

Penetration Testing Lab

Offensive Techniques & Methodologies

  • Methodologies
    • Red Teaming
      • Persistence
  • Resources
    • Papers
      • Web Application
    • Presentations
      • Defcon
      • DerbyCon
      • Tools
    • Videos
      • BSides
      • Defcon
      • DerbyCon
      • Hack In Paris
  • Contact
    • About Us

Tag: backtrack

Posted on February 20, 2013

Extracting Metada From Files

Penetration testers must be able to think outside of the box and to use whatever method is necessary in order to discover information about their targets.Malicious attackers will not stop in the conventional tactics and this should apply and to the penetration tester.Many organizations are uploading in their websites word documents and excel files without been aware that they expose sensitive information.This information is hidden in the metadata of the files.Also in application assessments (web or mobile) it is a good practice except of the common vulnerabilities to check and the metadata in order to see if this information can be used in a malicious way.In this article we will examine some of the tools that we can use for metadata extraction and what kind of information can unveil.

Exiftool

One of the tools that can extract Metadata information is the exiftool.This tool is found in Backtrack distribution and can extract information from various file types like DOC,XLS,PPT,PNG and JPEG.Typically the information that we would look for are:

  • Title
  • Subject
  • Author
  • Comments
  • Software
  • Company
  • Manager
  • Hyperlinks
  • Current User

Below is the information that we have obtained from an image and the metadata from a doc file.

Extracting metadata of an image - exiftool
Extracting metadata of an image – exiftool
Metadata of a doc file
Metadata of a doc file
Metadata of a doc file 2
Metadata of a doc file 2

FOCA

FOCA is another great tool for analyzing metadata in documents.It is a GUI based tool which make the process a lot of easier.The only thing that we have to do is to specify the domain that we want to search for files and the file type (doc,xls,pdf) and FOCA will perform the job for us very easily.Below you can see a screenshot of the metadata that we have extracted from a doc file.As you can see we have obtained a username an internal path and the operating system that the file has created.

FOCA - Metadata
FOCA – Metadata

 

Conclusion

As we have seen in this article metadata can unveil important information which can be used in conjunction with other attacks.Companies should be aware about this exposure of information that exist in their documents and before they upload something on public domain must use the appropriate tools first in order to remove the metadata from their files and to mitigate the risk.

Posts navigation

1 2 … 8 Next →

Search Topic

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,204 other followers

Recent Posts

  • Lateral Movement – Services
  • Indirect Command Execution
  • Spyse – A Cyber Security Search Engine
  • Persistence – COM Hijacking
  • Persistence – DLL Hijacking

Categories

  • Coding (10)
  • Exploitation Techniques (19)
  • External Submissions (3)
  • General Lab Notes (22)
  • Information Gathering (12)
  • Infrastructure (2)
  • Maintaining Access (4)
  • Mobile Pentesting (7)
  • Network Mapping (1)
  • Post Exploitation (13)
  • Privilege Escalation (14)
  • Red Team (84)
    • Credential Access (2)
    • Defense Evasion (22)
    • Lateral Movement (1)
    • Persistence (24)
  • Social Engineering (11)
  • Tools (7)
  • VoIP (4)
  • Web Application (14)
  • Wireless (2)

@ Twitter

  • RT @cyb3rops: It started with a new rule that I wrote to look for encoded versions of Mimikatz' ASCII Art and ended with a solarwinds123 mo… 1 day ago
  • Alaris Shellcode Loader - A protective and Low Level Shellcode Loader the defeats modern EDR systems github.com/cribdragg3r/Al… 2 days ago
  • @joehowwolf I agree, typically this is my writing style format the last 2-3 years. We should care about the defensive stuff as well 3 days ago
  • RT @netbiosX: My favourite website about law! tsava.law #law #lawyer #Lawyers 4 days ago
  • Bad Outlook - A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode o… twitter.com/i/web/status/1… 4 days ago
Follow @netbiosX

Pentest Laboratories Discord

  • Discord

Pen Test Lab Stats

  • 5,105,077 hits

Facebook Page

Facebook Page
Blog at WordPress.com.
  • Methodologies
    • Red Teaming
      • Persistence
  • Resources
    • Papers
      • Web Application
    • Presentations
      • Defcon
      • DerbyCon
      • Tools
    • Videos
      • BSides
      • Defcon
      • DerbyCon
      • Hack In Paris
  • Contact
    • About Us
Cancel

 
Loading Comments...
Comment
    ×