3 responses to “Extracting Metada From Files

  1. MikeW

    February 20, 2013 at 2:52 pm

    As always, great article, thanks.
    Could you give examples as to how the hidden metadata could be used maliciously?
    Say for example, am I right in saying a hidden hyperlink url may accidently be linking to an open web address/folder, or an exposed author name could give the pen tester a name to social engineer etc?
    Are there any other common uses / examples of metadate being used?

  2. netbiosX

    February 20, 2013 at 3:25 pm

    These data can be used in social engineering attempts as you mentioned correctly but it is not only that.If for example you obtain a user account as the last image indicates then you already have a valid username to play with and you need to discover the password in an infrastructure penetration test.If you find an internal path this is considered an information disclosure vulnerability so you should mention it on your report and you could potentially use this information as soon as you got access to the company’s network in order to discover and other valid paths or network shares.

  3. daronwolff

    February 7, 2014 at 10:11 pm

    Great Article!!!!!!!
    Many thanks..
    Will be usefull


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: