+++++++++++++++++++++++++++++++++++++++++++++++++++++
+++ Playing with metadata by [WarGame/DoomRiderz] +++
+++++++++++++++++++++++++++++++++++++++++++++++++++++

1) Introduction
2) Example & c0de
3) Conclusion
4) Greetz

1) Introduction

We use many types of files every day: MP3s, images in many formats and other
binary files (or XML-based ones, like OpenOffice documents). They can contain
music or images, but nobody thinks they contain other hidden information too.
Some MP3s have a "comment" tag inside them, and it can happen that it contains
links to sites or even email addresses. The same can be said for images: when
you take a photo with a modern digital camera you leave a lot of information
inside the image itself. My idea is that we can get a lot of important data
from uncommon sources. For example, mass mailer worms harvest email addresses
from common text files like HTML, ASP or PHP; they could do the same using
other file formats.

My english suckz coz it's not my main language :)

2) Example & c0de

I used the awesome extract tool (http://gnunet.org/libextractor/), which can
read the metadata inside many file formats. So I tested it on a file that I
got from the internet:

http://www.hq.nasa.gov/office/procurement/nraguidebook/proposer2005.doc

Output of extract:

mimetype - application/vnd.ms-office
language - U.S. English
company - NASA HQ
paragraph count - 397
line count - 1411
last saved by - smarucci
character count - 169392
title - NATIONAL AERONAUTICS AND
word count - 29717
page count - 1

In this example we got the username "smarucci", which we could use for social
engineering. I did other tests using mp3 files taken from p2p or BitTorrent
and I could find a lot of interesting information in the "comment" tag. The
same goes for jpeg images and some pdf files.
The following piece of code shows you what you can grab using extract.
-- MetaScan.pl --
#!/usr/bin/perl
# example: perl MetaScan.pl "/myhome"
use strict;
use warnings;

# Walk $dir recursively and run extract on every regular file.
sub MetaScan {
    my ($dir) = @_;
    # lexical handle: a bareword DIR would be shared by every recursion level
    opendir(my $dh, $dir) or die "Cannot open $dir!\n";
    for my $file (grep { !/^\./ } readdir $dh) {
        if (-d "$dir/$file") {
            MetaScan("$dir/$file");
        }
        elsif (-f "$dir/$file") {
            # list form: no shell, so odd file names cannot inject commands
            system("extract", "$dir/$file");   # call extract
        }
    }
    closedir $dh;
}

if (!defined $ARGV[0] || $ARGV[0] eq "") {
    print "Usage: ./MetaScan.pl dir_where_to_start\n";
}
else {
    MetaScan($ARGV[0]);
}
----------------

3) Conclusion

I hope this article is interesting for you; we can use the info taken from
metadata in many ways. We could extend the "extract" tool by adding more
keywords, modifying the file extractor.c in the libextractor package:

static const char *keywordTypes[] = {
  gettext_noop("unknown"), /* 0 */
  gettext_noop("filename"),
  ...
  /* add here your new keyword */
  /* remember to update the constant HIGHEST_TYPE_NUMBER */

You can contact me at wargame89@yahoo.it

4) Greetz

#eof-project,#virus @ undernet
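
Added example, not part of the original article or of libextractor: a Python sketch that parses the "keyword - value" output of extract shown in section 2 and lists the fields that name a person, an organisation, an email address or a link, so a file can be reviewed before it is published. The sample input is the article's own output; the keyword names other than "company" and "last saved by", and the function names, are assumptions.

```python
import re

# Sample input: the extract output quoted in section 2 of the article.
SAMPLE = """\
mimetype - application/vnd.ms-office
language - U.S. English
company - NASA HQ
paragraph count - 397
line count - 1411
last saved by - smarucci
character count - 169392
title - NATIONAL AERONAUTICS AND
word count - 29717
page count - 1
"""

# "company" and "last saved by" come from the article's output; the other
# keyword names are assumptions about what extract may print.
IDENTITY_KEYS = {"last saved by", "company", "author", "creator", "organization"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def parse_extract(text):
    """Split 'keyword - value' lines into (keyword, value) pairs."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition(" - ")
        if sep and key.strip():  # skip blank or malformed lines
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def audit(text):
    """Return (reason, keyword, value) for each field that names a person,
    an organisation, an email address or a link."""
    findings = []
    for key, value in parse_extract(text):
        if key in IDENTITY_KEYS and value:
            findings.append(("identity", key, value))
        findings += [("email", key, m) for m in EMAIL_RE.findall(value)]
        findings += [("url", key, m) for m in URL_RE.findall(value)]
    return findings


if __name__ == "__main__":
    for reason, key, value in audit(SAMPLE):
        print(f"{reason:<8} {key}: {value}")
```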