Recon

Before hacking (red teaming, pentesting, etc.), you must of course first carry out reconnaissance on the company. Almost every company has a public website with documents. These documents also contain metadata about the document itself, for example names, email addresses, software, etc. This kind of information can be useful in a red teaming assignment. So let’s start harvesting information.

Metagoofil - the metadata collector

To obtain the metadata of the public documents we will use the tool Metagoofil. Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) belonging to a target. The tool is available on GitHub and in the Kali Linux repository. I used Metagoofil with the following command:

metagoofil -l 200 -t pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx -d {host} -o {host} -f {host.html}

Results

From the results of the scan it can be concluded that the company uses the following software packages:

Metagoofil results

The results might contain useful information that you can use in your attack plan. For example, the results of the Metagoofil scan might show that the company uses LibreOffice or OpenOffice. You could use a hyperlink in an ODT file to execute code (RCE) when the ODT file is opened on a system. So it is easy to get valuable information from a target (company).
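The metadata Metagoofil harvests (author names, email addresses, the application that produced the file) is the same metadata a company can audit itself before publishing. The script below is an added example, not Metagoofil's code: it reads the Author/Creator/Producer entries from a PDF's Info dictionary and the dc:creator/Application entries from the docProps parts of an OOXML file (docx, xlsx, pptx), then aggregates which people, software and email addresses a set of documents reveals. The sample documents, names and version strings are constructed in memory purely for the demonstration.

```python
"""Audit what a set of public documents leaks through metadata.

Added example, not Metagoofil's own code. Sample documents, authors and
application strings below are constructed for the demonstration.
"""
import io
import re
import zipfile
from collections import Counter
from typing import Dict, Iterable, Tuple

# PDF Info dictionary entries written as literal strings, e.g. /Producer (LibreOffice 7.3).
# Hex strings (<...>) and escaped parentheses are not handled by this minimal parser.
_PDF_FIELD = re.compile(rb"/(Author|Creator|Producer)\s*\(([^)]*)\)")


def pdf_metadata(data: bytes) -> Dict[str, str]:
    """Return Author/Creator/Producer values found in a PDF byte string."""
    return {k.decode(): v.decode("latin-1") for k, v in _PDF_FIELD.findall(data)}


# OOXML stores the author in docProps/core.xml and the application in docProps/app.xml.
_XML_FIELDS = {
    "docProps/core.xml": {
        "Author": r"<dc:creator>(.*?)</dc:creator>",
        "LastModifiedBy": r"<cp:lastModifiedBy>(.*?)</cp:lastModifiedBy>",
    },
    "docProps/app.xml": {"Application": r"<Application>(.*?)</Application>"},
}


def ooxml_metadata(data: bytes) -> Dict[str, str]:
    """Return author/application values from a docx/xlsx/pptx (zip) byte string."""
    found: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part, patterns in _XML_FIELDS.items():
            if part not in zf.namelist():
                continue
            xml = zf.read(part).decode("utf-8")
            for field, pattern in patterns.items():
                match = re.search(pattern, xml, re.S)
                if match:
                    found[field] = match.group(1).strip()
    return found


def extract_metadata(data: bytes) -> Dict[str, str]:
    """Dispatch on the file signature: %PDF for PDF, PK for OOXML zip containers."""
    if data.startswith(b"%PDF"):
        return pdf_metadata(data)
    if data.startswith(b"PK"):
        return ooxml_metadata(data)
    return {}


_EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def audit(documents: Iterable[Tuple[str, bytes]]):
    """Count the people, software products and email addresses exposed across documents."""
    people: Counter = Counter()
    software: Counter = Counter()
    emails: Counter = Counter()
    for _name, data in documents:
        for field, value in extract_metadata(data).items():
            if field in ("Author", "LastModifiedBy"):
                people[value] += 1
            elif field in ("Creator", "Producer", "Application"):
                software[value] += 1
            for address in _EMAIL.findall(value):
                emails[address] += 1
    return people, software, emails


# --- constructed sample documents (not real files from any company) ---
def _sample_pdf(author: str, producer: str) -> bytes:
    return (b"%PDF-1.4\n1 0 obj\n<< /Author (" + author.encode()
            + b") /Producer (" + producer.encode() + b") >>\nendobj\n%%EOF\n")


def _sample_docx(creator: str, app: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml",
                    f'<?xml version="1.0"?><cp:coreProperties><dc:creator>{creator}</dc:creator></cp:coreProperties>')
        zf.writestr("docProps/app.xml",
                    f'<?xml version="1.0"?><Properties><Application>{app}</Application></Properties>')
    return buf.getvalue()


SAMPLE_DOCUMENTS = [
    ("report.pdf", _sample_pdf("Jane Doe", "LibreOffice 7.3")),
    ("brochure.pdf", _sample_pdf("jane.doe@example.com", "Adobe PDF Library 15.0")),
    ("policy.docx", _sample_docx("John Smith", "Microsoft Office Word")),
]

if __name__ == "__main__":
    people, software, emails = audit(SAMPLE_DOCUMENTS)
    print("People:   ", dict(people))
    print("Software: ", dict(software))
    print("Emails:   ", dict(emails))
```

Run against a directory of documents that are about to be published, the software counter gives the same picture of the office suite and PDF tooling in use that the Metagoofil screenshot above shows for a target, and the people and email counters show which personal details should be stripped before the files go online.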

In this way you can obtain valuable information about your target from “innocent” documents that are publicly available. Hopefully this blog will help you with hacking!