In lots of "hacker" movies they just punch in a few words into some program and they
have lots of data on just about anybody they want. In real life not so much..

Well actually recently a lot of public records are now available online. Saving
you the trouble of queueing at city hall, getting access to a phonebook
from another country or even region isn't as fast as clickydiclickclick,
calling information/people up for information is usually not as cheap either.

But this public data is spread over so many poor websites that you just
have no idea what information is available about you out there. Or anybody
else.

So I thought i'd start another list here for people to contribute all the
databases they know of that might contain information about
persons, busynesses, legal entities, anything from the real world.

The first line of attac:
what people tell about themselves:
social networking sites:
hyves.nl,
members.msn.com/email (and hence msn spaces),
linkedin.com (aren't we all in there ? )
facebook, blogs, redbox: the stuff you would pick up on using google or any standard robot


some databases I'll contribute in first instance:

busynesses:
kvk.nl : "kamer van koophandel" All busynesses from the netherlands should be in there
http://kbo-bce-ps.mineco.fgov.be/ps/kbo_ps/kbo_search.jsp?Action=SKW : "kruispuntbank" something very similar but for Belgium
http://www.nmprc.state.nm.us/cii.htm something similar but for the state of "new mexico" in the USA
.. i'm guessing most countries states have this kind of info online by now?
whois ...

persons:
familienamen.nl : how many people with a certain last name live where, this could give you a zip code or city for further queries, if the name is uncommon
familienamen.be
http://1207.be/nl/jsp/1x07be_normal_search.jsp Belgian phone book


I heard lately in the news that you can even get signatures from people in the UK with
a lease out on their name. Didn't catch the url though. And the story that gave me the idea
to start this thread involved progressive.com with data from the dmv

looking forward to your additions


PS: if for no other reason this information is great to collect as it allows you to play the
"I bet i can guess your house number"-bargame so much more fun.

hehe, you always start interesting topic rhican

The first line of attac:
if you get an website, you can use a whois-service like domaintools.com or united-domains.de (how do they work? is it possible to write your own whois-service with php?)

There are some databases which contain email adresses. this is a service for the owners. If they change their adress one day, they don't have to tell everybody the new one, because people
can look into the database.
I just know a german one: uni-konstanz

http://maps.google.com/
If you know the place where your "target person" lives and a few other things it is possible to get the persons house number and street.
was pretty cool. a girl just told me the town she was living in and I got her street and house number ... but I had a few other facts, like:
* I knew she needs 5 minutes from the train station to her house
* she has a German shepherd dog, so there has to be place where she can go to
* she said they have a big house

Genealogy
There are several databases for Genealogy where you can find information about people...


and, last but not least: GOOOOGLE
if you know a persons nick-name (and this person doesn't change it always...) you can find a lot of information in forums / blogs / self-made websites
I found the website of one of my teachers and now i know where and when he was born, his women (with photo), his previous jobs, when he made his exams, what he studied and what he likes to do in his freetime. Ah, and of course where he lives, his telephone number and email adress (and I know that he hates my informatics teacher, who, by the way, forbid me to lift my finger in his lessons as I know more about his subject)


hey, tomorrow i'll start another topic about movies with hackers and what they are able to do
I think that might be funny

german phone books
persons: http://www.dasoertliche.de/
business: http://www.gelbeseiten.de/yp/start.yp

edit: http://www.phonebookoftheworld.com/

Basically this information is collected when you register a domain, and then made available.

How? with the whois protocol, running on whois servers
however these days websites do often an interface to this data, and sometimes more information, because
they can use captcha. like on dns.be

to script this with php you can simply use the passthru("whois $_GET["domain"]")

basically the whole dns/whois information has a lot to offer concerning website owners and isp's.

on a linux shell you can access this information using
whois [domainname.tld]
dig -x [ip] : do a reverse dns lookup
host [domainname.tld] : get more ip's associated with the domain

# dig -x 85.13.129.91

; <<>> DiG 9.4.1-P1 <<>> -x 85.13.129.91
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39565
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;91.129.13.85.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
91.129.13.85.in-addr.arpa. 80   IN      PTR     bright-shadows.net.

;; Query time: 119 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Fri Aug 17 01:16:16 2007
;; MSG SIZE  rcvd: 75

 # host google.com
google.com has address 64.233.167.99
google.com has address 64.233.187.99
google.com has address 72.14.207.99
google.com mail is handled by 10 smtp1.google.com.
google.com mail is handled by 10 smtp2.google.com.
google.com mail is handled by 10 smtp3.google.com.
google.com mail is handled by 10 smtp4.google.com.

depends a bit to which servers your talking, The dns servers talk to eachother right up to the 13 root dns servers
if you do a recursive query, but the whois's aren't interlinked afaik (but i don't really know all the protocols )
so who knows maybe they are.

specifying some in good old /etc/whois.conf
using some resources like http://www.math.utah.edu/whois.html
might help. But these days maybe the web based services are better?

I was doing some challenges lately, so i didn't post too much, let's try to change that

I'll begin with relaying a nice collection of links that fit into this category.
you can get the full list at http://tech.nocr.at/hacking-security/learn-to-hack
his "personal" blog is at room362.com

Most of these urls aren't too exciting, things that we know to do, manually just fine

Like reading the headers from a webserver, using "strings" on a binary file.

at the time of writing "evolition" appears to be down, but that's one of the more interesting
ones. You can google it all manually too probably... But hey sometimes tools to save a lot
of time. Ok also serversniff is offline apparently

i'll repeat the links here with my personal opinions attached.

http://www.paterva.com/web/Evolution/ has a nice interface, maybe it does a good job
http://www.centralops.net/ could help but nothing too shocking
http://www.virustotal.com/ i don't like online virus scans ...
http://research.sunbelt-software.com/default.aspx no idea about this
http://www.builtwith.com/ last time i checked this hardly worked at all
http://www.serversniff.net/ bunch of tidbits
http://www.nmap-online.com/ not even worth a mention unless you can get passed the only scan my own ip
http://www.whois.sc/ yet another whois, they claim it's good
http://www.dnsstuff.com/ they started limiting service, so that i just use dig.
http://network-tools.com/ more basic network tools
http://www.windowspms.com/ standard tools
http://spamspade.org just another whois?

one more i can add to this list is all-nettools.com

the idea is that most of these websites do the lookups for you, hence hiding your ip, from the "target" feel free to
give feedback on any of these... when they become available again