Friday, November 4, 2016

Performing Metadata Forensics Intelligently

Metadata analysis is very interesting and still untried by most bug bounty hunters and security researchers, and the truth is that metadata can be found in every domain of information security. Below is a short introduction to metadata before we move on to analysis.



What is Metadata?


Metadata is basically something that lets us know the details, type, functionality and a couple of other useful things about a specific piece of data. That data could be anything: an image, a document, a binary file, a webpage, any stupid thing available in the domain of information security.

Where to perform metadata forensics?


As mentioned above, we can perform metadata analysis on various things, so here I'd like to list some:
  • doc, docx, xls, xlsx, ppt, pptx and almost all office files.
  • stickynotes
  • pdf files
  • images
  • binary files

and a lot more could be added. Without wasting time, let's find out how to perform metadata forensic analysis on the list given above.

Analyzing PDF Files at a glance


I hope that if you landed here you know what PDF files are; if not, please refer to the wiki pages for that. Coming to the point: there is a PDF viewing tool called xpdf which ships a command-line tool called pdfinfo, and that is exactly what we're going to use. Below is the image illustrating how it works.

[Image: PDF forensic analysis with pdfinfo]


You can get help for the tool by running pdfinfo -h or by asking me in the comments. Now let's talk about another great tool that can analyse a huge list of file types, which you can see on the wiki (I don't want to spoil my post). The tool is, obviously, exiftool, which many of you have already heard of. We'll analyze a doc and a PDF file here for demo purposes.

exiftool -Author winasmtut.pdf

Okay, we can also do some nasty stuff ;), like changing metadata headers and a lot more. See the example below.

exiftool -Author="Handsome Guy" winasmtut.pdf

We can also play with exif a bit. Let's look at some JPEG file operations; see the list of tasks below.

exif dead.jpg
exif --tag=0x132 dead.jpg

Below we'll see a hacky shacky trick for hacking image metadata.

exif --tag=0x132 --set-value="Prove Vanished For this Doc ;)" --ifd=0 dead.jpg
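As an added example (not code from the original post): a pure-Python reader for the same IFD0 field that exif --tag=0x132 --ifd=0 displays, with a format check that flags a free-text overwrite like the one above. The function names and the sample JPEG produced by build_sample_jpeg are constructed for illustration.

```python
import re
import struct

DATETIME_TAG = 0x0132  # TIFF/EXIF DateTime in IFD0, i.e. --tag=0x132 --ifd=0
DATETIME_RE = re.compile(rb"\d{4}:\d{2}:\d{2} \d{2}:\d{2}:\d{2}")

def read_ifd0_ascii(jpeg, tag):
    """Return the ASCII value of `tag` in IFD0 of the JPEG's Exif block, or None."""
    pos = 2  # skip SOI (FF D8), then walk the marker segments
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            try:
                return _walk_ifd0(body[6:], tag)
            except struct.error:  # truncated or malformed TIFF structure
                return None
        pos += 2 + seg_len
    return None

def _walk_ifd0(tiff, tag):
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or tiff[2:4] != struct.pack(endian + "H", 42):
        return None  # not a TIFF header
    (ifd_off,) = struct.unpack(endian + "I", tiff[4:8])
    (count,) = struct.unpack(endian + "H", tiff[ifd_off:ifd_off + 2])
    for i in range(count):
        entry = tiff[ifd_off + 2 + 12 * i:ifd_off + 14 + 12 * i]
        entry_tag, entry_type, n = struct.unpack(endian + "HHI", entry[:8])
        if entry_tag == tag and entry_type == 2:  # type 2 = ASCII
            if n <= 4:  # short values are stored inline in the entry
                return entry[8:8 + n].rstrip(b"\x00")
            (offset,) = struct.unpack(endian + "I", entry[8:12])
            return tiff[offset:offset + n].rstrip(b"\x00")
    return None

def datetime_is_well_formed(value):
    """True only for the 'YYYY:MM:DD HH:MM:SS' layout EXIF specifies for DateTime."""
    return value is not None and DATETIME_RE.fullmatch(value) is not None

def build_sample_jpeg(value):
    """Constructed sample: SOI, one APP1/Exif segment holding only DateTime, EOI."""
    data = value + b"\x00"
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)  # big-endian header, IFD0 at offset 8
    tiff += struct.pack(">HHHII", 1, DATETIME_TAG, 2, len(data), 26)  # one entry
    tiff += struct.pack(">I", 0) + data  # no next IFD, then the string at offset 26
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

A well-formed but altered date still passes this check, so compare the value with other timestamps (EXIF DateTimeOriginal, file system times) before relying on it.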


And much more is waiting in this domain. We'll soon publish another detailed tutorial on analyzing various file types, including binary files and some others. So below is my final question about this post.

Did you enjoy reading this? What would you like to see next? Suggest in the comments.


- Author


1 comment:

  1. Thanks for sharing your great ideas, thank you so much and keep sharing.
