Jump to content

Question About Gathering Info


Remotesh
 Share

Recommended Posts

A week or two ago, there was a kid who arp poisoned his school's network.

He posted something along the lines, "You guys don't know who I am!".

Well needless to say, one of you guys found out all of his information,

IP address, servers, websites, and other stuff, and recent searches through his proxy (He was looking at some weird fetishes)

I get how you guys found his twitter and such (was the same username).

How did you find all of the rest out?

I am most curious on how you found out what he was searching through his proxy.

Thanks for the help.

-Remotesh

Edited by Remotesh
Link to comment
Share on other sites

Everything I found on him was through google. There are other tools I could have used, but Google gave me enough to go by and compile a list of things to search further. If you want to do lookups on people, you generally only need something unique about them, and hope that they have an online presence thats been indexed somewhere. With regard to the proxy, he uses Chrome, which by default does not block site referrers. The sites he visited used google analytics, which google also uses in its search engine indexing. A combination of the right things in the right place, and it was possible to see where he had been based on how google had cached the referring URL of his sites proxy. While this might not have been him alone, and probably other people at his school using it, it did leave a pretty weird trail of fetish sites visited via his "school only" proxy.

Another tool that could have been used is Maltego. I didn't even get this far, since google had enough meat and potatoes to give me what I needed, but its also a great tool for doing people searches and following email addresses or names, phone numbers, etc. I personally liked some of the early versions of Maltego, and not too fond of the latest, as it seems a bit more clunky for me, but then again, I have more fun doing things manually with Google and social networking sites, since Google's index is pretty much everywhere if you know how to structure your searches.

Link to comment
Share on other sites

That's why I am not much into this whole social networking sites. I don't like living too many digital footprints behind.

Link to comment
Share on other sites

That's why I am not much into this whole social networking sites. I don't like living too many digital footprints behind.

Then I must ask you, since I don't know a whole lot about you. Are you from Adelaide, Australia? Do you use "Australia Adelaide Internet Service Provider"? Do you work for or own logicalsolutionsllc.com? You claim to be MCP certified, but having gotten certified myself, I know they provided me with access to logos for placing on my site, resume, etc, yet your profile links to an MCP pic on some other site that doesn't necessarily mean you have ties to it, nor proves you have an MCP just because its linked to in your profile.

edit: Well, one of the techniques I use in getting peoples info, is also baiting. If you must know, this post was written specifically for it, and Infiltrator, you pretty much confirmed my findings. You are on x.x.x.adl2.internode.on.net, owned by "Australia Adelaide Internet Service Provider", your OS is Windows 7, and you use Chrome as your browser. The above stuff about your MCP, etc, was more or less to get you to view the topic(hope you didn't take offense to it, it was just to use you as an example), which aloud me to confirm some of the key points about you via my own server logs. Having your IP then allows someone to do further data mining, since you might visit sites who's logs are public online, such as an IRC chat log, server stats, spam block lists, etc.

There are a number of ways to gather the info undetected, but I figured I would use Infiltrator's post as an example to show that, if someone wants to find you, they will find a way.

Best way to stay anonymous, is just that. Don't post anything on any sites, don't sign up for anything, mask your ISP's internet address, proxy or stealth yourself in some other manner(ie: ssh tunnel, vpn, etc), know that any site you ever visit will have your IP, OS, Browser version, etc, so using disinformation for any of this is always a good idea when malicious sites will insert scripts specifically for your OS, browser, etc. Spoofing as much data about yourself as possible is kind of required these days just to stay safe from the real predators, and they won't announce themselves in the manner that I just did. I've got no ill intent, but I do enjoy a good hunt ;)

Edited by digip
Link to comment
Share on other sites

Then I must ask you, since I don't know a whole lot about you. Are you from Adelaide, Australia? Do you use "Australia Adelaide Internet Service Provider"? Do you work for or own logicalsolutionsllc.com? You claim to be MCP certified, but having gotten certified myself, I know they provided me with access to logos for placing on my site, resume, etc, yet your profile links to an MCP pic on some other site that doesn't necessarily mean you have ties to it, nor proves you have an MCP just because its linked to in your profile.

bait.png

I do live in Australia but I am not from Adelaide. Adelaide is where my ISP is based. FYI, I don't claim to be a Microsoft MCP certified, on the contrary I am certified and have been provided with the Microsoft Certificate of Excellence.

Moreover, the reason the MCP pic links to an unknown site, is because my Hak5 account doesn't have enough storage space to allow me to upload it. Furthermore, I never heard of Logicalsolutionsllc.com, it may be linked to another user called Infiltrator.

By the way, how did you know I live in Australia, I could be living in another country.

Link to comment
Share on other sites

I do live in Australia but I am not from Adelaide. Adelaide is where my ISP is based. FYI, I don't claim to be a Microsoft MCP certified, on the contrary I am certified and have been provided with the Microsoft Certificate of Excellence.

Moreover, the reason the MCP pic links to an unknown site, is because my Hak5 account doesn't have enough storage space to allow me to upload it. Furthermore, I never heard of Logicalsolutionsllc.com, it may be linked to another user called Infiltrator.

By the way, how did you know I live in Australia, I could be living in another country.

I wasn't trying to offend you, just used you as an example to illustrate something. And i beleive you if you say you are MCP, I have no reason to otherwise, just used that as a sort of jab/bait to get the info confirmed. Logicalsolutionsllc.com is where your MCP pic is linked from in your profile, so thats why I asked what affiliation you had with it. - logicalsolutionsllc.com/Images/Microsoft/Microsoft%20Certified%20Professional.gif

One of the things I didn't disclose was the use of pics from my own servers. Having posted a transparent one in the previous post(now removed) I was able to gather the info I wanted. I used similar technique with the other thread where I posted the "dont feed the trolls" pic as just that, bait for that troll. I didn't use the same pic for you, mainly because I don't feel that way about you, so wasn't appropriate in this instance. But it gives you an idea now, that even when we feel like we've been careful, safe with our info, we still have to give up some info to reach a place like this forum, and if I can find this info, I'm more than sure enough someone else can.

The ads for instance that are embedded on this forum for example, use a flash swf file to load the linked image. The problem with this(and also one of the reasons I block ads) is that the specific flash file in use(luckily hosted on amazon s3 and not within the same domain context) contains a XSS flaw(but not really executable in this context), where someone could use it steal cookies from forum users. Since its not on the same domain as hak5, the chances of this are greatly reduced since the browser(s) in use today, shouldn't give out cookies to domains other than the root domain for hak5, or in this case forums.hak5.org sub domain.

Edited by digip
Link to comment
Share on other sites

Don't you worry mate, you didn't offend me in any way. You were right in asking me on whether I was certified or not. Anyone else would've done that, so don't take it personally.

Edit: Nice technique by the way... Never thought about that before, thanks for sharing tough

Edited by Infiltrator
Link to comment
Share on other sites

Do me next

Hmm. BigMac Turdsplash? You like root kits and ruby. Tacoma, WA maybe? Born in 1986? Comcast is your ISP or at least was in 2010.

Edited by digip
Link to comment
Share on other sites

Do me next

You have been working on a Ruby project that involves building a vulnerability scanner?

Also you have a Youtube account but it doesn't seem to have any videos linked to it

I also have found logs of your IRC chats, on michaelgreb.com and your nickname is bigmac

And have to agree with Digip that your ISP is Comcast.

On a side note, do you own a domain called www.i8igmac.com

Edited by Infiltrator
Link to comment
Share on other sites

spooky lol, thats sweet, im assuming your using a lot of google dorks for these finding? i've recently been playing with some basic google dorks and would like to go deeper in the subject, i've been reading "google hacking for penetrations testers v2" and i just picked up a copy of "social engineering: the art of human hacking". i used to use one of the common phone number/email/name look up websites to find information on things, but i feel like i could find a lot more once i get a hang of the google dorks and what not. i recently got into this subject because a man walked up to me in borders (while i was picking up the social engineering book) claiming to be with a company called ULM global (claimed to work with fortune 500 companys), and immediately tried offering me a job. the whole thing seemed fishy and after talking to him for 15 minutes i got some "information" on him that lead me to believe it was all a scam, he didn't live anywhere near the town he told me he did, name was fake, the business phone numbers were residential. all because he gave me his real email i got out of what could have possibly (probably) been a scam.

any recommendations on sites/books/tools on gathering information besides the ones previously listed?

Link to comment
Share on other sites

spooky lol, thats sweet, im assuming your using a lot of google dorks for these finding? i've recently been playing with some basic google dorks and would like to go deeper in the subject, i've been reading "google hacking for penetrations testers v2" and i just picked up a copy of "social engineering: the art of human hacking". i used to use one of the common phone number/email/name look up websites to find information on things, but i feel like i could find a lot more once i get a hang of the google dorks and what not. i recently got into this subject because a man walked up to me in borders (while i was picking up the social engineering book) claiming to be with a company called ULM global (claimed to work with fortune 500 companys), and immediately tried offering me a job. the whole thing seemed fishy and after talking to him for 15 minutes i got some "information" on him that lead me to believe it was all a scam, he didn't live anywhere near the town he told me he did, name was fake, the business phone numbers were residential. all because he gave me his real email i got out of what could have possibly (probably) been a scam.

any recommendations on sites/books/tools on gathering information besides the ones previously listed?

Start downloading the SE podcast and read some of the newsletters the put out. Chris and the gang do a bang up job, and most of the people they interview, have no affiliation with computers and security, which is a nice twist because they give you real world people using SE skills on a daily basis. Info gathering is as much socializing as it is covert reconnaissance. Interacting with the targets without their knowledge is just one way to field out more info that you can then look up in various places. You need to be as smooth offline as you are on, so if you don't have the gift to gab or not confident speaking, then practice that more than anything. The rest kind of takes care of itself, so long as you can get key info out of people you'll have something to work with. Insults generally work well too, since you can bait people into doing things, but this is kind of a tactic to use sparingly, since it also can backfire and send a shit storm your way in the process. Like G.I. Joe says in the cartoon, "Knowing is half the battle"

Link to comment
Share on other sites

any recommendations on sites/books/tools on gathering information besides the ones previously listed?

The social engineering: the art of human hacking is definitely a book I will be buying.

As for the tool side of things look into Maltego, http://www.paterva.com/web5/

Link to comment
Share on other sites

thanks digip, ill start listening to those, only ones i keep up on are the 2600 ones

and infiltrator, i took a look at maltego a while back when i first downloaded bt4 and i just brushed it off, (didn't want to register) but i just registered about a week ago and have been playing around with it a bit and it seems really nice, definitely going to add that shortcut to my bt5 desktop and keep playing around with it.

i appreciate all the insight guys, im finally about to take my first certification this fall and hopefully get the heck out of radioshack and get some IT hours in somewhere, even if it is a call center.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...