Obtain Valuable Data from Images During Recon Using EXIF Extractors [Tutorial]

Captions
During an OSINT investigation, photos can be a great source of information. For one, there's the information encoded in the photo you can see, and then there might be even more in the form of geotagging or EXIF data. Today we'll take a look at cross-platform ways we can examine EXIF data in this episode of Cyber Weapons Lab.

EXIF data, or Exchangeable Image File Format data, is available on a lot of different files besides just images. In images, though, there's some specific information that can be a lot more helpful, such as geo information, which can allow you to identify the exact location where the photo was taken. Now, exploring this metadata can be of great use during an OSINT investigation, where only a couple photos might be the only clues that you have to work with. With EXIF tools, we can work to go behind the scenes and learn more about the device that was used to create the file, where the person was at the time they took it, and the exact time that it was taken.

Now, all this information can lead to finding out more about the subject, whether it's the device they use for exploring potential vulnerability, or if you need to tie the same person to a whole range of photos, you can explore this information to maybe identify that the photos use all of the same types of details and that they use the same software and the same device that the person is known to carry. Now, this sort of attribution is only possible when we take a peek behind this metadata.

So to do so, we'll be exploring three different types of ways of doing so that are cross-platform and easy to use. The first is a command-line script that allows us to dig into the data. The second is a website that allows us to both upload and strip information in case we want to send the file to a third party. And the last is a browser extension that allows us to pull this information from any image on a website we might happen to be on. Now, to use this, you can check out the Null Byte article linked in the description, but in general it's cross-platform and easy to use, so as soon as you have some images you'd like to search, you should be ready to go.

Today we're going to take a look at some photos and see what we can learn about them aside from what we can see visually. Now, this means digging into the metadata. So when we're dealing with photos like this, where we might not know where they were taken or what device they were taken on, we'll be using a couple of command-line tools first in order to learn what we can about these and maybe take the next step in identifying who took them or where they were taken.

Now, in Kali Linux there's a tool that's really, really useful, and if it's not installed you can type `apt install exif`. So this will go ahead and install exif if it hasn't already been installed, but once you have it you can type `man exif` to see exactly what it does. Now, as you can see, it's a small command-line utility to show and change EXIF information in JPEG files. So while this can't handle PNGs, there are plenty of other services that can, and in this one I just like the fact that it's generally included in Kali Linux, and if it's not, it's incredibly easy to set up.

Now I'm going to go ahead and press Q to exit, and in order to use this we can of course go ahead and look at the help file. Hmm, there we go, so it wants the full help. All right, so we can see there's a lot of different commands we can run with this. However, this is not all necessary to just dump the information from a file. So when we were first kind of checking this out, I was playing with all the flags and exporting to XML, but really it's much more simple to just take a file and write `exif` and then the file path to the actual file.

So here we're going to just take this picture of a cat, and we can see all this information is pulled directly from the file. So we can see that it's a Samsung phone, we can see the width and length of the photo, which might be kind of tying it to a particular application that was taking that photo, we can see the orientation of the phone when it was taken, and the list really goes on. As you can see, this can quite accurately fingerprint the particular device that took this, both on the software and the hardware characteristics that are baked into this metadata that's available for anybody that wants to run this on a photo.

Now here, further down, you can see there's actually GPS information as well, and this is incredibly accurate because it's taken from the cell phone, which was probably using a GPS to get it. So even in a city where the GPS signals might be bouncing around, you can expect this to be pretty accurate. So what does that mean? Do I need to be afraid to send this photo out, or what does that really kind of conclude? Well, if I were to upload this to Instagram or Twitter, then this information would be stripped out. However, if I were to email this to someone directly or post it on, like, Imgur or some of the things we'll take a look at in a minute, then it means that the information could still be retained and unintentionally reveal more than we wanted to.

Now I'm going to go ahead and go back to this other image, and in running this you'll see that while there is some metadata, not everything is available because it's been stripped out. So probably the most serious information we can pull from this is a GPS location, and here we can see that there's a particular orientation that, 3024, this one is 3024, 43... Okay, so while they do have these same X and Y dimensions, there are other characteristics here that might allow us to differentiate that different phones took these photos.

Okay, so that's how this works in the command line, but if you don't want to work with command line, can you still get access to all this information about various photos that you might encounter during an OSINT investigation? Well, the answer is yes, because aside from there being a command-line script, there's also tools in a browser that allow you to just go ahead and do this on your own.

So here we have a tool that's at verexif.com, and you can go ahead and upload an image and then remove the EXIF data if it's something you're worried about. So here, if I want to, I can go ahead and go to Downloads and take this one here and then click View Exif, and it should upload the photo and then dump the information that we're able to retrieve. So if you have any photos that you're thinking of sending out and you want to make sure that there's nothing sensitive here, this is probably worth your while, because you can not only upload it but then immediately see if you want to remove that data if it's something that you don't want to include. Now here we can see that, yes, we would definitely want to remove this, because it's even populated, it looks like it's trying to make a map or something out of the information it's managed to pull from this particular set of metadata. And here we go, it's trying to show exactly where this was taken, which I don't really want to show on our show.

So here's another example of a great online resource. This is exif.regex.info. So this allows us to take either a URL, so a photo on the internet, and here, just going ahead and looking around for various things, I found this photo of a watch on Photobucket. So I'm going to go ahead and copy the link location, or let's see, copy the image location, and I can drop it into this tool, and instead of uploading something from my own computer, I can verify that I'm not a robot. Let's see how good I am at this. Bridges. All right, okay, great. And then click on View Image Data.

Now if we scroll down, we can see that we pulled actually longitude and latitude out of this random photo, and we can even see the model of the camera that it was taken with. So that means that this camera, this is probably a smartphone, included GPS information and embedded it. So even when this person just uploaded this random photo, then we actually retain the information and we were able to see where it was taken.

So here's two various online resources in order to actually look at the data that's included in our own photos, or maybe take a look at photos on a website that we're maybe poking around on, maybe we want to identify who's taking the photos behind it, that might allow us to determine the GPS location of where those photos had been taken in the first place. Now on this website here, when I went to Photobucket, you might have noticed a little pop-up that said a GPS location.

Now, the next thing I want to go into is browser extensions, and there's a number of them that are super interesting. Today we're going to be focusing on Firefox, but for Chrome there are a number of different options as well. Now, what these browser extensions do is allow us to identify immediately whether or not GPS data exists, and one of them that I'm using is just an automated pop-up. And go ahead and, I would hate to robots, okay. Well, when we go to this, we should have the photo still there. There we go.

Now we should be able to do a couple different things with this photo. First, if we right mouse click it, we can use the Exif Viewer Firefox add-on in order to directly view information from the browser without needing to actually put it into a website. This is one of my favorites, because you can see the link, you can scroll to any of the fields, and here you can see in the GPS information we have quite a lot of stuff, including generating a nice Google Maps URL. So if we click on that, then it should take us to the location that this photo was actually taken, and we should also be able to see the actual time and the GPS dates.

And we can see, actually, let's see where this is. So I'm going to exit out of this, and if we pull back a little bit, we can see that this photo was taken, where are we, somewhere in Spain. All right, cool. So this wristwatch was taken, the photo of the wristwatch was taken somewhere in Spain. It was encoded with GPS information, uploaded to the internet, not that one, uploaded to the internet, and then we were able to trace that back just by examining the EXIF data.

Now similarly, if there's something on your computer and you just want to, here's the photo from before, drop this picture in of a cat and then click on the Exif Viewer, then this is an easy way to go ahead and just pull the information and see, hey, where's the GPS information, where's the other information about the device that actually produced this, and pull this information out and either verify whether or not somebody is the same person that took a series of images or maybe the exact location of where those images were produced.

Now, of course, you can use this in all sorts of various ways, both to delete metadata that might be a little bit more than you want to share with the internet at large, or to track down clues you find during an OSINT investigation that require you to actually kind of pull this information out for yourself.

Now, if you're curious how to get to this, you can click on this menu in Firefox and go to Add-ons, and you should be able to find these by just typing in exif. So here are the two that I have added: the first is Exif Viewer and the second is GPS Detect. GPS Detect is the one that will automatically alert you when a GPS tag is detected in photos on a website, which is pretty handy because it just pops up and lets you know, and then Exif Viewer will actually allow you to right mouse click on any photo and attempt to extract EXIF data from it.

Between the two of these and the various websites and command-line tools, EXIF data is an amazing way to learn about the source of an image if it comes up in an OSINT investigation. It can be pretty shocking to learn the information you can pull from an image, and if you're concerned about your privacy being at risk, you should know that most platforms do strip off this data if you're uploading something like to Instagram or to Twitter. However, if you're just sending a file via email, that is a way that some of this data could be leaked. So if you're concerned about this sort of thing, you should go into your phone settings and make sure to disable any geo-encoding, because this will prevent it from saving any geo data, which at least will prevent your location from being leaked.

That's all we have for this episode of Cyber Weapons Lab. Make sure to like, comment, and subscribe, and if you have any questions about EXIF data, you can check out the article linked in the description. If you have any ideas for future episodes, send me a message on Twitter, because we'd love to hear from you. I'll see you next time.
Info
Channel: Null Byte
Views: 123,400
Rating: 4.9558167 out of 5
Keywords: wht, wonderhowto, nullbyte, null byte, hack, hacking, hacker, hacks, hackers, how to hack, howto, how to, tutorial, guide, cyber weapon, cyber weapons, cyber, Exif Extractors, Images, Data from images, Meta data, photo meta data, gps data, browser extentions, exif browser extentions, data mine, datamine, recon, reconnaissance, osint, exof, metadata, exif viewer, geotag, geotags, geolocation, gps, gps coordinates, coordinates, geo-encoding, map, chrome, firefox, firefox add-on, addon, add-on
Id: tFdKJcsBJOw
Length: 14min 0sec (840 seconds)
Published: Tue Jun 18 2019