Tuesday, April 28, 2009

Information Gathering: Delicious

Here is a new source that could help you during a Penetration Test, it's not a source that will give you results most of the times, but hey! maybe you are lucky.

Delicious is a service for keeping your bookmarks in one place (online), it's social bookmarking.

So let's go with an example; if you have some nicknames from your target, you can search directly on their Delicious profile, all their public links, for example my profile:


Remember that users can mark a link as private, but here is where we can be lucky if they forget to save it as private.

Another way of searching in Delicious, is using target company URL's or IP's, in this example i will use just a standard internal ip:

And look the second result:

The root password in the url :)

In particular cases you can obtain interesting results


No comments:

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...