Recon

Before hacking (red teaming, pentesting, etc.), you must of course first carry out reconnaissance on the company. Almost every company has a public website with documents, and those documents also contain metadata about the document itself, for example names, email addresses and the software used to create it. This kind of information can be useful in a red teaming assignment, so let's start harvesting it.

Metagoofil - the metadata collector

To obtain the metadata of the public documents we will use the tool Metagoofil. Metagoofil extracts metadata from public documents (pdf, doc, xls, ppt, etc.) belonging to a target. The tool is available on GitHub and in the Kali Linux repository. I used Metagoofil with the following command:

metagoofil -l 200 -t pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx -d {host} -o {host} -f {host.html} 

Results

From the results of the scan it can be concluded that the company uses the following software packages:

[Figure: Metagoofil results]

With this information you can better prepare an attack plan against the employees of a company. Suppose the result of the Metagoofil scan shows that the company uses LibreOffice / OpenOffice. Then you could use a hyperlink in an ODT file to execute code (RCE) on the system as soon as an employee opens the file and clicks on the link. It is that easy to get valuable information about a target (company).
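The fields Metagoofil harvests (author, last-modified-by, creating application and its version, PDF producer) sit in plain XML parts of Office files and in the PDF Info dictionary. The script below is an added example, not Metagoofil's code and not from the original post: using only the standard library it reads those fields from OOXML packages (docx/xlsx/pptx) and PDFs, and blanks them in OOXML packages, so a team can audit documents before they go on the public website. All function names are mine, and the sample documents are constructed inline rather than taken from any real company.

```python
"""Audit (and scrub) the document metadata that recon tools harvest.

Added example; not Metagoofil's code. Reads the same properties Metagoofil
reports from OOXML packages and PDFs with the standard library only, and
blanks them in OOXML packages. Sample files are constructed below.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Elements whose text identifies people, hosts or software; blanked by scrub_ooxml().
STRIP_TAGS = {"creator", "lastModifiedBy", "Application", "AppVersion", "Company", "Manager"}

PDF_INFO_KEYS = ("Title", "Author", "Creator", "Producer")


def ooxml_metadata(data: bytes) -> dict:
    """Return identifying properties from docProps/core.xml and docProps/app.xml."""
    wanted = {
        "docProps/core.xml": (("author", "dc:creator"),
                              ("last_modified_by", "cp:lastModifiedBy")),
        "docProps/app.xml": (("application", "ep:Application"),
                             ("app_version", "ep:AppVersion"),
                             ("company", "ep:Company")),
    }
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part, fields in wanted.items():
            if part not in z.namelist():
                continue
            root = ET.fromstring(z.read(part))
            for key, path in fields:
                el = root.find(path, NS)
                if el is not None and el.text:
                    found[key] = el.text
    return found


def pdf_metadata(data: bytes) -> dict:
    """Pull literal-string Info entries out of a PDF.

    Covers the common case of an unencrypted Info dictionary with plain (...)
    strings, as office suites write them. Hex strings, object streams and XMP
    packets are not parsed, so an empty result is not proof of a clean file.
    """
    found = {}
    for key in PDF_INFO_KEYS:
        m = re.search(rb"/" + key.encode() + rb"\s*\(((?:\\.|[^\\)])*)\)", data)
        if m:
            found[key.lower()] = m.group(1).decode("latin-1")
    return found


def scrub_ooxml(data: bytes) -> bytes:
    """Return a copy of the package with the STRIP_TAGS properties blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            payload = src.read(item.filename)
            if item.filename in ("docProps/core.xml", "docProps/app.xml"):
                root = ET.fromstring(payload)
                for el in root.iter():
                    if el.tag.rsplit("}", 1)[-1] in STRIP_TAGS:
                        el.text = ""
                payload = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item, payload)
    return out.getvalue()


def audit(data: bytes) -> dict:
    """Dispatch on the file signature and return whatever the file leaks."""
    if data.startswith(b"PK\x03\x04"):
        return ooxml_metadata(data)
    if data.startswith(b"%PDF"):
        return pdf_metadata(data)
    return {}


# --- constructed sample documents (not real company files) -------------------
def build_sample_docx() -> bytes:
    core = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
            '<dc:creator>j.doe</dc:creator>'
            '<cp:lastModifiedBy>Jane Doe (LAPTOP-EXAMPLE)</cp:lastModifiedBy>'
            '</cp:coreProperties>' % (NS["cp"], NS["dc"]))
    app = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<Properties xmlns="%s"><Application>LibreOffice/7.0.4.2$Linux_X86_64'
           '</Application><Company>Example Corp</Company></Properties>' % NS["ep"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Title (Annual report) /Author (j.doe) "
              b"/Creator (Writer) /Producer (LibreOffice 7.0) "
              b"/CreationDate (D:20210101) >>\nendobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in (("report.docx", build_sample_docx()), ("report.pdf", SAMPLE_PDF)):
        print(name, audit(blob))
    print("scrubbed report.docx:", audit(scrub_ooxml(build_sample_docx())))
```

Run it against a directory of files that are about to be published and treat any non-empty result as a finding: the application string is exactly what tells an attacker which office suite to target, and the last-modified-by field often carries a username or hostname. The scrub only covers OOXML; for PDFs, re-export from the office suite with metadata stripped or use a dedicated tool, since the Info dictionary may be duplicated in an XMP packet this script does not read.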

So, using "innocent" documents that are publicly available, you can obtain valuable information about your target. Hopefully this blog post will help you with hacking!