BLACK BURN HACKER. Powered by Blogger.

Real Money Instantly

 

Saturday, January 28, 2012

Doxing : a short guide

0 comments
Doxing : a short guide

What is Doxing?:

Doxing is the activity of using the information people put on their forum profiles or accounts to find who they are in the real world. Information that a you will be looking for, would be things such as: EVERYTHING! You would aim to look for everything he could find about you, and then try to social engineering you, revert you, etc. This may not necessarily be on the internet, but most of the time, it is. 

Where to begin:

Basically, any personal information you have on the target will be helpful, whether it be a social networking page (facebook, twitter, myspace , etc.) , their full name(or even their first name), their general location, their phone number, ANYTHING. Social-Engineering is very closely related to doxing, as you can social-engineer the target into revealing information about themselves. Knowing how to trace IP’s can also be helpful, as say, for example, if you have a full name, but no location, searching for that one name out of the whole world. there’s going to be a lot of people with that name, but if you’re searching for someone with that name, living in a certain city, it narrows it down drastically. 

Compiling/formatting your dox:

Placing your dox/dossier in an eye-friendly format will save you a lot of time in the long run, and will avoid confusion. You should make a template to store your dox in, before attempting doxing. Here is a suggested template to store your dox in, it can be modified to suit your needs, but it covers the basics.

Legend: # means (if any)
Dox:

Usernames/Online Aliases:
Age
Real name:
Real Nickname(s):
Location:
Ethnicity:
Nationality:
Sex:
Family members:
Occupation:
#Pictures
#Videos
IP address:
Religious Views:
Home number :
#Mobile number:
#Websites owned :
#Social-Networking pages:
#Forums they’ve posted in:
#Criminal Record:
#Car make, model and liscence number:
List of all websites with their info on:
Likes/ dislikes:
Misc. Information (Any information is information ):
Getting the target’s IP:

There are various methods of doing this, although i’m not going to go too in-depth into this. Programs such as Cain and Abel (packet sniffers) can be used, but these applications aren’t always needed. Over MSN, the easiest option is to send someone a file or webcam then. 
Go to run (assuming you are using windows) > cmd , then type ‘netstat -n’, send the target a file, or have them send you a file, or go on webcam with them, and repeat the process. Find the difference between the two lists. The IP that wasn’t previously there is the target’s IP. If you’re on a website with the target, you can get their IP by them seeing an image you have hosted. You will need a website for this. Host an image on your website, and put it as your avatar, PM the target, then view the visitor logs for your website, and the target’s IP will be available. You could also simply send the target a link to your site, and then view their IP that way. 

Scenarios:

I have a target’s online username/alias, what next?

Well, you’re probably thinking having only the online username of a target is completely useless. Think again, take the FBI for example, when they’re doxing, the first thing they’re going to look for is information leading directly to the location of the target, or the targets ISP, say the target is using multiple proxies/vpn’s, etc, this may be too hard for the FBI to accomplish, so instead, they’ll start doxing the target by finding information about their usernames/aliases, when the FBI dox, that’s always what they look for first. You can have loads of proxies, but you should have even more aliases than you do proxies. Think of it this way, if they’re registered on any forum with a certain username, chances are they’re going to be registered on other websites with that same username (if they are stupid).

First thing to do, is to run a google search of their username, and see if any interesting websites come up, any forums that they are registered on, etc. If you do find something, see if you can view their profile, as they may have their date of birth, or email address, or something similar there. If they have registered on a forum, you can also sift through all of their posts, to see if they have let slip any personal information, but this can be time-consuming. After google searching their name, regardless of whether you get anything useful or not, you should try searching their username.

I have a target’s name, what next?

Once you have a target’s name, you’ve got pretty far. Chances are, you’ll know their general location by the point when you’ve got their name, but if not, you need to strive to find that out. Start with a google search of their name, it may bring up some social-networking sites, although this generally doesn’t work if they have an exceptionally commonly used name. Once you have their name and general location, you want to proceed straight to getting their address and phone number. You want to do this by searching various websites, such as phonebooks, and online electoral roll databases, below, are some useful sites for doing so:

http://www.whitepages.com/person
http://www.zabasearch.com/
www.google.com
http://www.foo.com/
http://www.lookuppeople.co.uk
http://yellowpages.com
http://pipl.com
I have a target’s Email Address, what next?

First off, as usual  , start by google searching the targets email address. Generally, you don’t get information from this, but you may be surprised, if they’ve signed up on a website using their email address, that information might be available to you in a simple google search. You can also social engineer a target into sending you an email with an attachment, hovering over the attachment in windows, should give you the name of the author, right click > properties, which will generally be their name, if they’ve set up their PC using the correct details. Having a targets email can also be a great opportunity for social-engineering/manipulating them. If you can view your target’s account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting. Reverting is the process of using the target’s email’s recovery questions to gain access to the target’s email. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.
You can find info with your target’s email with these sites:

www.emailfinder.com
www.myfreeemailsearch.com
I have a targets phone number, what next?
A google search will probably be useless this time, but there’s still a very slim chance, so try it anyways. Performing a reverse-phone lookup is probably the best choice here. Sadly, there’s now no longer a reverse phone lookup for the united kingdom available on the internet.

People in the USA are in luck, below are a few which work:

www.usaphonelookup.com
www.phonenumbers.addresses.com/phone.php
www.whitepages.com/reverse-lookup
www.fonefinder.com
Protecting yourself:

Don't use the Internet. This is best security tip because your data can be traced by anyone. Sounds crazy?! Well, no one likes to leave the Internet. So, here are a few tips/pointers for you:

-Be careful when you give information on the internet. (This is up to you, because I do not control your social life. If you want to have 5 social networking pages that reveal info about yourself, you will just be more vulnerable to doxers.)

-Use very Strong passwords with (letters, (upper and lower case), symbols and digits). Learn more about bruteforcing and rainbow tables to get a better idea.

-Don't set stupid security questions that can be guessed easily or if anyone has information on you.
Well, as the Internet becomes more and more useful and addicting, it will become harder to not get doxed. The main issue for most targets is their security questions, and their password security. If a target has a very easy-to-find recovery question, then the target will be easily reverted within a matter of seconds. Also, if the target has a simple password, it could get brute forced simply by using a wordlist that applies to the target’s interests, likes, and fancies (of course, this method is not as popular). The ultimate rule to not getting Doxed is… to just stay off the Internet, but who wants to do that?

Finally:

Doxing needs Intelligence and searching ability. You have to guess where to search and what to search about your target. Depending on your searching ability, you will get what you require/want to know.
©2011, copyright BLACK BURN

0 comments:

Post a Comment

 

7 Years Earning Experience

The Earning Source You Can Trust