The first step of any attack is to collect information about the target. Everybody knows that. And one of the most important resources is Google (or another search engine) with its google dorking (hacking). You can find a lot of interesting information there, especially if your target is a big organization. The engine’s spiders crawl the Internet with its many, many sites, and we can dive into the information which they have collected for us.

But sometimes, we can get information about internal systems: the systems which don’t have access to Internet.

So, Xmarks. This is a very useful service (browser add-on) because it can synchronize all of your bookmarks from all of your browsers. Each of us has many devices and browsers, and the opportunity to have the same bookmarks (plus tabs, passwords, and so on) on each of them looks pretty good. And of course many users use the Xmarks service.

And this service can give us some interesting things because of its features:

  • It collects some information (like URLs) from users’ bookmarks (* without linking a bookmark to its owner’s account)
  • It uses open search through the database of users’ bookmarks
  • Users save bookmarks about internal corporate resources

Get it all together, and now we can find some information about the target’s internal system.

Let’s try finding some examples.

For SAP Portal:

For Oracle PeopleSoft:

Of course, not all of them are internal systems, but some are.

This is only one example which shows that it is possible to get information about the inside from the outside.

Alexey Tyurin (@antyurin)