206
◾
Ethical Hacking and Penetration Testing Guide
PDFINFO “Your PDF Document”
Now let’s have a look at what useful information we could gather. In the first line, you can see the
author’s name, “Abdul Rafay Baloch,” which might be very useful to us. Next, we see the most
important line “Microsoft Word 2010”. This might not be of interest to a layperson, but a hacker
is always interested in figuring out how this information can be put to use.
By identifying what PDF software a user
has used to generate PDF files, a hacker might be
able to find potential vulnerabilities in that software, or look for some already-discovered vulner-
abilities
for that particular version, and can use those vulnerabilities against the target.
Suppose you are pentesting against an organization. Knowing what software the organization
uses for generating PDF files could be helpful to you in carrying out social engineering and other
attacks.
PDFTK
PDFTK is another useful tool for generating PDF files, which has multiple functionalities like
combining and compressing PDF files. It’s not very efficient though
when compared to Origami
Framework, which could be used to generate PDF files more conveniently.
