Metadata are informations stored in a document itself but not easy to find for common mortals. Those infos usually are: file name/type/size, author, organization, created date, last modified date and so on… But sometimes there are extra infos that could be very interesting from a hacker point of view like email, phone number, username, geoloc and even local ip address.

Let’s take a look at a photo of the beautiful Scarlett Johansson. First I will use the nice online tool Jeffrey’s Exif Viewer wich will output dozen infos:

exif viewer 1 exif viewer 2 exif viewer 4 exif viewer 3

From here what usefull informations did I get ?

Ok nothing special here and nothing very serious, the only thing we can be sure is that the author has been very cautious with all details of the image, looks like copyright is important for him :)

Let’s try another file that I intentionnally set up with “secret” metadata. This time I will use the command line ExifTool wich can be used to read, set and edit metadata. This tool support about 150 different file format and is by default installed in Kali Linux.

exiftool

There I got the following infos:

By using a Google Dorks like site:www.leparticulier.fr filetype:pdf and after a bit of scripting combined with ExifTool, I was able to find about 15 usernames. With only this information in my hands I won’t be able to penetrate their system but it’s a really good start while performing the information gathering phase of a pentest. Plus you will probably be confronted to vulnerabilities who require a valid user to be exploited…

An awesome tool to automate metadata mining is FOCA. This program can search office documents of a specified site and extract all metadata to finally map the local network of the company.

> Foca demo at DEFCON 18

Anyway you should be able to remove the metadata of your document with the application you used to create it or with online tools, follow the link below.

> How to remove EXIF Metadata