Giters

dsespitia / MetaThief

PoC for extracting office files into PDF file metadata

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

MetaThief

It is a project developed in Python, which allows to perform a PoC to extract information, for which an attack program is used, which upon reaching the victim's machine commits the team to extract office files using the Metadata fields of PDF files. The second program is used by the attacker to extract the victim's filtered office files from the received PDF metadata,

Requirements

It is necessary to have installed the Python libraries mentioned in the file requirements,txt

pip install requirements.txt

Use exfiltering program

Before using the program metathief.py must load the data from the emails, once this is done should only run on the victim machine

python metathief.py

If you need to run on a Windows computer without installing Python, it is possible to convert the program to executable using pyinstaller.

Use reconstruction program

This is the help of the reconstruction program.

usage: recoonthief.py [-h] [-T TOTALFILES] [-P PATH] user

positional arguments: user specify name of the files owner

optional arguments: -h, --help show this help message and exit -T TOTALFILES, --total TOTALFILES specify numbers of extracted files -P PATH, --path PATH specify path of extracted files

The requested data is taken from the name of the files received from the metathief.py program, as the structure is as follows:

[File number filtered]-th-[user name]-ie-[number of parts of the file]-f-[number of this part].pdf

Maintainers

@dsespitia

License

MetaThief is licensed under GNU General Public License v3.0

About

PoC for extracting office files into PDF file metadata

Languages

Language:Python 100.0%