Thursday, August 12, 2010

Extracting MetaData from photos using exiftool in BT4

This guide covers exiftool, a tool used to extract metadata from photos. It is useful both from a forensics standpoint and for reconnaissance work on a given target, especially if that target gives away too much information in its photos.
As a warning, it's not cool to stalk people so don't be doing it.
I mean really if you have to stalk someone you probably will never have a relationship with them anyway loser!

The tool is located in the menu structure under Digital Forensics, or in the
/pentest/misc/exiftool/ directory.

This screen shot shows the default output when calling the command.
--------------------CODE-----------------------------------
root@bt:/pentest/misc/exiftool# ./exiftool
--------------------CODE-----------------------------------




You will need to read the README in order to learn more information.

If you want to just test the tool out, you can use the provided .jpg to do so.
The command would be
--------------------CODE-----------------------------------
root@bt:/pentest/misc/exiftool# ./exiftool t/images/ExifTool.jpg
--------------------CODE-----------------------------------


The above screenshot shows only a portion of the output. To see the rest you will need to run the tool yourself.
There is a lot of information that could be gained from this test, but in reality the tool author has already sanitized anything of value.
The only thing that is really left is camera information. Boring at best. So let's grab a few photos from the web and see what they can give us.

OK, so to help keep the innocent that way, I won't be linking or giving away too much on the actual photos I downloaded.
But they are easy to find thanks to social media 2.0.
From the next photo we can parse quite a lot of data.

--------------------CODE-----------------------------------
root@bt:/pentest/misc/exiftool# ./exiftool /tmp/1444432405-37422182c96b551a67f534ead5532.4c63f758-scaled.jpg
--------------------CODE-----------------------------------



Photo 3 shows some generic information from the camera. From it we can determine roughly the type of phone, in this case a Motorola Droid X.



But in photo 4, bingo: we now have the information from the GPS. So we now know exactly where our target is located, at least at the time the photo was taken. By looking at the same information from several photos we may be able to determine patterns in our target's behavior.
So here is the pertinent data given up by our photograph: 28 degrees 26' 26.00" N, 81 degrees 28' 26.00" W
There are many websites, including Google Maps, that help you turn this info into something more familiar, like an address. Depending on the phone or camera being used, this geotagging can be turned off, which is kind of a smart thing to do.
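As an added example (not part of the original post and not exiftool's code), this Python reads the same GPS fields straight out of a JPEG's EXIF block, which makes a handy check for leftover geotags before a photo is published. The names `gps_from_jpeg` and `build_sample` are hypothetical, and the sample JPEG is constructed in memory using the coordinates quoted above.

```python
import struct

def _ifd(tiff, off, e):
    """Map tag -> raw 4-byte value field for the IFD starting at offset off."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    return {struct.unpack_from(e + "H", tiff, off + 2 + 12 * i)[0]:
            tiff[off + 10 + 12 * i: off + 14 + 12 * i] for i in range(n)}

def _degrees(tiff, field, e):
    """Decode three RATIONALs (deg, min, sec) that the value field points to."""
    (ptr,) = struct.unpack(e + "I", field)
    d = struct.unpack_from(e + "6I", tiff, ptr)
    return sum(n / m / f for n, m, f in zip(d[0::2], d[1::2], (1, 60, 3600)) if m)

def gps_from_jpeg(data):
    """Return (lat, lon) in decimal degrees, or None when no GPS block is found."""
    pos = 2 if data[:2] == b"\xff\xd8" else len(data)
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        size = struct.unpack_from(">H", data, pos + 2)[0]
        seg = data[pos + 4: pos + 2 + size]
        if data[pos + 1] == 0xE1 and seg[:6] == b"Exif\0\0":   # APP1 / EXIF
            tiff = seg[6:]
            e = "<" if tiff[:2] == b"II" else ">"              # TIFF byte order
            ifd0 = _ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
            if 0x8825 not in ifd0:                             # no GPSInfo pointer
                return None
            gps = _ifd(tiff, struct.unpack(e + "I", ifd0[0x8825])[0], e)
            if not gps.keys() >= {1, 2, 3, 4}:                 # refs + lat + lon
                return None
            lat, lon = _degrees(tiff, gps[2], e), _degrees(tiff, gps[4], e)
            return (-lat if gps[1][:1] == b"S" else lat,
                    -lon if gps[3][:1] == b"W" else lon)
        pos += 2 + size
    return None

def build_sample(with_gps=True):
    """Constructed minimal JPEG (test input only): SOI, one EXIF APP1, EOI."""
    rat = lambda dms: b"".join(struct.pack("<II", v, 1) for v in dms)
    tiff = b"II*\0" + struct.pack("<I", 8)                     # header, IFD0 at 8
    if with_gps:
        tiff += struct.pack("<HHHII", 1, 0x8825, 4, 1, 26) + b"\0" * 4
        tiff += struct.pack("<H", 4)                           # GPS IFD at 26
        tiff += struct.pack("<HHI4s", 1, 2, 2, b"N") + struct.pack("<HHII", 2, 5, 3, 80)
        tiff += struct.pack("<HHI4s", 3, 2, 2, b"W") + struct.pack("<HHII", 4, 5, 3, 104)
        tiff += b"\0" * 4 + rat((28, 26, 26)) + rat((81, 28, 26))
    else:
        tiff += struct.pack("<H", 0) + b"\0" * 4               # empty IFD0
    body = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

A `None` result for a file about to be shared means no EXIF GPS block was found; any tuple means the location is still embedded.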

So that's about it. There are several ways to gain this information from photos, and this is one of the tools included in BT to do it.

Thursday, August 5, 2010

Setting up Fluxbox in BT4 R1

This guide is for those who choose to upgrade from BackTrack 4 final to R1.
It does not really apply if you are downloading the R1.iso. Please keep in mind that this is a new release and there may be bugs (please report them)! This post also assumes you have backtrack-dragon installed. You can use the following to set up the rest.
---------------------------CODE----------------------------------------------------
root@bt:~# apt-get install backtrack-dragon
---------------------------CODE----------------------------------------------------
Once this finishes, run dragon, select desktop and finally desktop fluxbox.



Once this finishes, you need to run flux-for-back:
---------------------------CODE---------------------------------------------------
root@bt:~# flux-for-back
---------------------------CODE---------------------------------------------------


You will see several options to choose from. We are concerned with the -s option, so:
---------------------------CODE---------------------------------------------------
root@bt:~# flux-for-back -s
---------------------------CODE---------------------------------------------------


This will bring up a bunch of new choices. To build the menu, choose either 1 or 2 depending on whether you want the icons.
Depending on your setup this may take a bit of time. Mine took about 6 or 7 minutes.
Once it is finished it will exit the script and return you to the prompt. At this point you can consider yourself done.
So now you should have the pretty new menu set up for BT, looking like this.


At this point you can exit the script. If you want to change the background, you can use the new menu (right click, by the way, is how to access it). So right click and select "flux menu" at the bottom, then "Backgrounds", then "Set BackTrack default Background".



To change the style to a BT one, select "flux menu", then "Styles", then "Fluxbox BackTrack Styles".


Then select one of the 3 choices from the following:
"Centurion_BackTrack_blue, Centurion_BackTrack_red, and flux_bactrack_eeepc"

This last image shows the red theme.




So that's pretty much it. Now you have a new lightweight window manager.
Remember that there may be bugs in these new tools so please be patient and report them if you do find them.

Have fun.