Tuesday, April 28, 2009

Information Gathering: Delicious


Here is a new source that could help you during a Penetration Test, it's not a source that will give you results most of the times, but hey! maybe you are lucky.

Delicious is a service for keeping your bookmarks in one place (online), it's social bookmarking.

So let's go with an example; if you have some nicknames from your target, you can search directly on their Delicious profile, all their public links, for example my profile:

http://delicious.com/laramies

Remember that users can mark a link as private, but here is where we can be lucky if they forget to save it as private.

Another way of searching in Delicious, is using target company URL's or IP's, in this example i will use just a standard internal ip:

192.168.1.1

And look the second result:



The root password in the url :)

In particular cases you can obtain interesting results

-CMM
By -
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...

  • Scan for shellshock with wfuzz
    In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
  • Wfuzz 2.1 released !
    I'm pleased to announce  a new version of WFuzz! Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for findi...
  • Scanning ports through SSH Port Forwarding
    In one of the latest penetration tests we faced a SSH server that was based in Maverick SSHTOOLS. The funny thing is that this server was ...