I was looking for a way, to get more information about my targets, something that could be useful
in a penetration test, one thing that is valuable are valid user accounts. So how can i have more
potential accounts? one way is harvesting email addresses from the search engines, this is old i wanted more; another way is to extract metadata from public documents of the target.
How can i accomplish that? Basically extracting MetaData information from the documents.
Metadata is literally "data about data", are information about another set of data. [wikipedia]
For example in the metadata we can found the Author Name, the software used with the document, who made the last change and even you can get the MAC address of the machine where the document was created.
Great, what we really want are usernames so the most valuable field is Author, so i thinked Why don't we use the power of google to find what public documents a company has, download them and extract the information we need?
To extract metadata i'm using the GNU libextractor it support
a lot of file formats. And recently I came across wvware it's used for access to Microsoft Word files, the difference is that with wv we can access to version control information, like the document that Michal Zalewski wrote about finding "recorded changes ranging from very minor (spelling, changed dates, slight reformatting, rewording to avoid being sued)", he did all the test on the Microsoft Website. lcamtuf-strikeout.
If you have any other idea please write me a lines to discuss the topic
That's all stay tuned.. :)