I can find your internal ERP system
The first step of any attack is to collect the information about a target. One of the most important resources for that purpose is Google (or another search engine) with its google dorking (hacking). You can find a lot of interesting information there, especially if your target is a big enterprise. The engine’s spiders crawl the Internet with its many, many sites, and we can dive into the information which they have collected for us.
Though sometimes, we can get information about internal systems: the ones which don’t have access to the Internet.
So, Xmarks. This is a very useful service (browser add-on) because it can synchronize the bookmarks from all your browsers. Each of us has many devices and browsers and the opportunity to have the same bookmarks (plus tabs, passwords, and so on) on each of them looks appealing. Of course the Xmarks service is rather spread.
This service can give us some interesting things because of its features:
- It collects some information (like URLs) from users’ bookmarks (* without linking a bookmark to its owner’s account)
- It uses open search through the database of users’ bookmarks
- Users save bookmarks about internal corporate resources
Get it all together, and now we can find some information about the target’s internal system.
Let’s try finding some examples.
For SAP Portal:
For Oracle PeopleSoft:
site:xmarks.com inurl:psp peoplesoft
Of course, not all of them are internal systems, but some are.
This is only one example which shows that it is possible to get information about the inside from the outside.
Alexey Tyurin (@antyurin)