Harvesting Reconnaissance Info via Linked-in

By ddsi

Someone I haven’t talked to for a long time sent me a Linked-in (http://www.linkedin.com) request the other day, and I went to update my long-outstanding profile. For those who have not used Linked-in – it’s an online network of people you want to keep in contact with, and find/expand your relationships with people your contacts know.

At the time I was preparing to pen-test a company’s PeopleSoft web interface to Accounts Payable/Accounts Receivable stuff. Of course, there was no correlation between these 2 activities except for the fact that Linked-in made my recon phase of the test that much easier. This wonderful site allowed me to generate a dictionary of possible first and last names of people currently working for the company. Given the fact and some other clues, I was able to infer the user login policy for the Website interface. :) All I had to do was search for current employees of the particular company. Forget Monster profiles (who knows how updated they are). Forget searching for emails on Google. Logging in to Linked-in and having at least one sufficiently connected peer in your network (500 references in my case), I was able to find 145 people currently working for the company. Of them, 18 were execs and 34 were technical people with resumes reflecting technology they worked on at the company.

Needless to say, the dictionary of first/last names was fed into a brute-forcer against the web interface I was testing. 20 minutes later I got “Password invalid” for a valid user… Interestingly enough, the valid user turned out to be an HR guy who never changed his password.

I wonder if anyone had taken it further to do some social engineering stuff :) ?
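From the defender's side, the activity described in the post shows up in authentication logs as one source trying many distinct usernames in a short window, with the "Password invalid" response telling it which accounts exist. The following is an added example, not part of the original post: the log format, result codes, addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, source, username, result
SAMPLE_LOG = """\
2024-01-01T09:00:00 198.51.100.20 mlee PASSWORD_INVALID
2024-01-01T09:00:40 198.51.100.20 mlee SUCCESS
2024-01-01T10:00:00 203.0.113.7 jsmith USER_UNKNOWN
2024-01-01T10:02:10 203.0.113.7 john.smith USER_UNKNOWN
2024-01-01T10:05:30 203.0.113.7 smithj USER_UNKNOWN
2024-01-01T10:09:00 203.0.113.7 adoe USER_UNKNOWN
2024-01-01T10:14:45 203.0.113.7 bjones USER_UNKNOWN
2024-01-01T10:19:50 203.0.113.7 hr_user PASSWORD_INVALID
"""

def parse(log_text):
    """Yield (time, source, user, result) from whitespace-separated lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        ts, src, user, result = parts
        yield datetime.fromisoformat(ts), src, user.lower(), result

def find_enumeration(log_text, window=timedelta(minutes=20), min_users=5):
    """Flag sources that try >= min_users distinct usernames within `window`."""
    by_src = defaultdict(list)
    for event in sorted(parse(log_text)):
        by_src[event[1]].append(event)
    findings = {}
    for src, events in by_src.items():
        recent, peak = deque(), 0
        for ts, _, user, _ in events:
            recent.append((ts, user))
            while ts - recent[0][0] > window:
                recent.popleft()  # drop attempts older than the window
            peak = max(peak, len({u for _, u in recent}))
        if peak >= min_users:
            # Accounts whose existence the differing error message confirmed
            confirmed = sorted({u for _, _, u, r in events if r == "PASSWORD_INVALID"})
            findings[src] = {"distinct_users": peak, "confirmed_valid": confirmed}
    return findings

if __name__ == "__main__":
    for src, info in find_enumeration(SAMPLE_LOG).items():
        print(src, info)
```

Returning one identical failure message for an unknown user and a wrong password removes the signal that `confirmed_valid` tracks.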

2 Responses to “Harvesting Reconnaissance Info via Linked-in”

  1. dre Says:

    I use jigsaw.com by signing up with a bunch of trashmail accounts for that. Or spoke. LinkedIn does have a lot of interesting people on it that might not be in other places, and pipl.com queries it, so it’s a big target like MySpace for personal information.

  2. ddsi Says:

    Thanks, dre. I will give jigsaw a try.
