Showing posts with label information gathering. Show all posts

Information Gathering: Delicious


Here is a new source that could help you during a penetration test. It is not a source that will give you results most of the time, but hey! maybe you are lucky.

Delicious is a social bookmarking service for keeping your bookmarks in one place, online.

So let's go with an example: if you have some nicknames of your target, you can go directly to their Delicious profile and see all their public links, for example my own profile:

http://delicious.com/laramies

Remember that users can mark a link as private, but this is where we can get lucky: they may have forgotten to save it as private.

Another way of searching Delicious is by the target company's URLs or IP addresses. In this example I will use just a standard internal IP:

192.168.1.1

And look at the second result:



The root password in the URL :)

In particular cases, like a bookmarked URL that carries credentials, you can obtain interesting results.

-CMM

A fresh new look into Information Gathering v2

Here is the new version of my presentation "A fresh new look into Information Gathering v2", which I presented at FIST Conference Barcelona one week ago. It's an overview of some new sources, mostly based on metadata and Metagoofil v2 (coming soon).

If you have a new source or technique that you want to share, you are welcome :)

Download here

Enjoy

-CMM

Information Gathering III: Yasni and 123people


After the posts about information gathering on individuals using Spokeo and Pipl, now it's the turn of Yasni and 123people.


Yasni has a standard search page, where you enter the name of the person you want information about. The result page is organized into "All, Personal, Business, News, Other Web pages and Comments", and the quantity and quality of the results is very good.

An interesting feature of Yasni is the tag cloud about your target; in some cases it is useful to check whether it is really your target (assuming you know something about him/her).

Yasni also offers an "Agent search", which they say will perform an exhaustive deep web search and return the results within 24 hours. I'm waiting for the first examples to arrive :)

The last people search engine I will review in this miniseries is "123people", one of the most used services on the net, and personally one of the best in terms of result organization.

123people results are organized into "web links, Amazon, Phone Numbers, Videos, News, Microblogs, Pictures, Blogs and Documents, and Social network profiles"; 123people also has a tag cloud like Yasni.

123people has an email alert service for receiving updates about your targets.

Right now we can say that the results are very similar between the different services, and we have to wait to see which one will reign over the people search engine terrain.

I have my preferences with 123people and Pipl, but I recommend using as many as possible when performing information gathering about a target. All these services are oriented to the web and social networks; there are other kinds of services that will provide more information, but they aren't free and the information is only available for certain countries. I will write a post about these services soon.

What is your choice?

-CMM
 

Information Gathering II : Pipl.com


Well, after writing about information gathering and Spokeo, now it's the turn of Pipl.com, which, as you can tell from the name, is oriented to searching for information about individuals.

The application doesn't need registration, which is good, and the search parameters you can use are name, last name, city and country; they also recently added reverse lookup, where you can search by email address, nickname or phone number!

As usual I started by searching for myself, and Pipl yielded more results than Spokeo. In the results we can find online profiles (Facebook, Myspace, etc.), photo albums, YouTube accounts, Amazon accounts, blog posts, documents, pictures (with thumbnails) and many other kinds of results.

It really is an interesting tool, and it is improving over time.

The difference between Spokeo and Pipl is that Spokeo aims to be more of a tool for tracking what your "friends" are doing than a one-shot search and investigation. Also, Spokeo only allows you 1 free check; if you want more you must pay.

Finally, one thing I would like to see in these tools is an API to automate the search, so I can stop worrying about changes in the result pages and the performance of my parsers.

Stay tuned, because there are two new contenders in the arena of people search that I am testing this week.
 
Enjoy your investigations ;)

-CMM

Information Gathering I : Spokeo


Hi all, I was researching new information gathering sources when I stumbled upon a website called Spokeo. On their website they claim that it "searches deep within 41 major social networks to find truly mouth-watering news about friends and coworkers"; well, it seems to be oriented to the gossip world, which everybody loves ;)

After seeing this promising prospect I decided to take a look and try the application. The main option is to log in with your email account, and Spokeo will retrieve all your contacts and start gathering info about them; that is not going to happen in this test. I preferred to search for a contact using an email address or a blog URL.

So I launched a search for myself hoping for a good set of results... but it was a great disappointment: Spokeo returned a very poor result set. Well, I thought that maybe with other users I would get more results... but no, nothing at all, even less info than before.

Maybe if you allow the use of the API login with your credentials it will yield more results, but I haven't tried this option yet.

A curious fact is that Spokeo has created a marketing campaign aimed at Human Resources people with "Spokeo HR", allowing recruiters to build an online profile of a candidate.

So it turned out to be a good promise with disappointing results.

Do you have any feedback from this application?

Which other application do you recommend?

-CMM

Username check!

After the presentation I gave at the IV Spanish OWASP meeting, many people asked me about the website that checks whether a username is registered at different websites (social networks, web 2.0, etc.).

The website that I use is: http://www.usernamecheck.com/

It checks more than 70 sites; this is very interesting when doing information gathering or forensic investigations.

In the next post I will show how this site can help us.

Enjoy

-CMM


OWASP Spain Chapter Meeting

On the 21st of November I will be participating as a speaker at the OWASP Spain Chapter Meeting. I will give a talk about information gathering; the key point of the presentation is to show new techniques for gathering interesting information about a target (individual or company) and how you can use it in a penetration test. I will talk about my tools and some online sites that provide interesting information.

If you want to join us, remember the 21st of November; the place is IL3 - Institute for LifeLong Learning (Universitat de Barcelona).
Link: Owasp

Metagoofil in Toorcon




Last week Chris Gates from carnalOwnage gave a talk at Toorcon about information gathering called "New School Information Gathering". In his talk he spoke about Metagoofil and how you can use it to get information from the metadata of public documents.

I liked the presentation, and I think Chris did a good job putting everything together.

If you want the presentation, get it here: http://www.carnal0wnage.com/research/Carnal-NewSchool-ToorconX.pdf

CMM

Metagoofil 1.4 - Metadata exposed

Hi, this time I will post a brief entry about the new version of Metagoofil, released some days ago.

In this version (1.4) I added a new feature that extracts the MAC address from Office documents. Yes, you read that right :) the MAC ADDRESS.

We can find this information inside the documents in a string like this:

_PID_ GUID ... {F96EB3B9-C9F1-11D2-95EB-0060089BB2DA}

The last 12 hex digits are the MAC address of the machine that created the document (00:60:08:9B:B2:DA in the example above)! This only holds for version 1 (time-based) GUIDs like this one, where the third group starts with "1": a randomly generated version 4 GUID carries no MAC, and a node whose first octet has the multicast bit set was generated randomly rather than taken from a network card.

So here we have another piece of information that can be used to track a user, and most users don't know it exists :(
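As an added example (not part of Metagoofil or of this post), here is a short Python script that does what the paragraph above describes: it scans the raw bytes of a document for GUID strings, keeps only version 1 GUIDs, pulls the 48-bit node field out as a MAC address and flags nodes with the multicast bit set (RFC 4122 requires randomly generated nodes to set it, so they cannot be mistaken for a real card). The sample document bytes, the second (version 4) GUID and the function names are constructed for the demonstration; mapping the OUI prefix to a vendor name would need the IEEE OUI registry, which is not included here.

```python
import re
import uuid

# Matches a GUID in the textual form found in Office metadata strings,
# e.g. "_PID_GUID ... {F96EB3B9-C9F1-11D2-95EB-0060089BB2DA}".
GUID_RE = re.compile(
    r"\{?([0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12})\}?"
)

# Constructed stand-in for a .doc file: an OLE2 magic header, the GUID from
# the post stored as an 8-bit string, and a version 4 GUID stored as
# UTF-16LE, which is how OLE property sets often hold strings.
SAMPLE_DOC = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
    + b"\x00" * 8
    + b"_PID_GUID\x00{F96EB3B9-C9F1-11D2-95EB-0060089BB2DA}\x00"
    + b"\x00" * 4
    + "_PID_GUID\x00{550E8400-E29B-41D4-A716-446655440000}".encode("utf-16-le")
)


def mac_from_guid(guid_text):
    """Return (mac, note) for a GUID string, or None if it embeds no MAC.

    Only version 1 (time-based) GUIDs carry the creating host's 48-bit node
    identifier in the last 12 hex digits.  A node whose first octet has the
    multicast bit (0x01) set was generated randomly, not read from a NIC.
    """
    g = uuid.UUID(guid_text)
    if g.version != 1:
        return None
    octets = g.node.to_bytes(6, "big")  # node field is the last 48 bits
    mac = ":".join(f"{b:02X}" for b in octets)
    if octets[0] & 0x01:
        return mac, "multicast bit set: random node, not a real MAC"
    return mac, "unicast: likely the real MAC of the creating host"


def extract_macs(data):
    """Scan raw document bytes for GUIDs; return one dict per distinct GUID."""
    seen = set()
    results = []
    # Two views of the bytes: as-is, and with NUL bytes dropped so that
    # UTF-16LE strings also match the ASCII regex.  Dropping NULs is a
    # heuristic and can produce false matches on binary data, so every hit
    # is still validated through uuid.UUID and its version nibble.
    for view in (data, data.replace(b"\x00", b"")):
        for m in GUID_RE.finditer(view.decode("latin-1")):
            guid = m.group(1).upper()
            if guid in seen:
                continue
            seen.add(guid)
            hit = mac_from_guid(guid)
            results.append({
                "guid": guid,
                "version": uuid.UUID(guid).version,
                "mac": hit[0] if hit else None,
                "oui": hit[0][:8] if hit else None,  # first 3 octets, key for a vendor lookup
                "note": hit[1] if hit else "not a version 1 GUID: no MAC embedded",
            })
    return results


if __name__ == "__main__":
    for hit in extract_macs(SAMPLE_DOC):
        print(hit)
```

To run it against a real file, replace SAMPLE_DOC with the bytes read from the document; the version check matters in practice, since newer Office builds write random (version 4) GUIDs and those yield nothing.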

The next version of Metagoofil will possibly map the MAC address to the vendor name, so we can have more information about a target company.

Download here: MetaGooFil