Open Source Intelligence (OSINT) Finding Breached Email Addresses In the course of OSINT or forensic investigations.

There are often times when you will need Open Source Intelligence (OSINT) Finding Breached Email Addresses :

an email password of the subject of your investigation. In a security assessment or pentest, you may want to check to see whether you can obtain the passwords of users in the target organization. Nearly everyday, another data breach takes place and those email addresses and other credentials are sold and exchanged on the dark web. If you can obtain those credentials, it will likely make your job much easier.

In previous tutorials, we have demonstrated a number of tools for finding breached email addresses and passwords including h8mail. In this tutorial, we will look at what may be the best tool for finding breached emails, passwords and other credentials, www.dehashed.com Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Step #1: Open a Browser and Navigate to www.dehashed.com

Open a browser and go to www.dehashed.com. Like many other sites such as haveIbeenpwned.com, dehashed collects emails and credentials from data dumps on the dark web that have been compromised by hackers. Unlike those other sites, dehashed provides you all the credentials for a particular email address from the various dumps.

For instance, as part of a forensics investigation of a scammer Instagram account (a legitimate IG account was taken over and used to scam men out of their money), I found the email address that the scammers were using, [email protected] (Note: this was the account the scammers were using, but actually belongs to another person and had been taken over by the scammers). From there, I entered the email address into dehashed.com Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Dehashed finds that the email address appeared in at least 3 data dumps. When we click on one of the dumps, dehashed tells us that we need a subscription to get the passwords or password hashes or other info.

Dehashed is relatively inexpensive and if you are working as an investigator or pentester, its simply a small cost for some key info.

Now that we have subscribed and logged into account, we do the search again. This time when we click on one of the dumps, the hashed password is revealed.

From there, we can then attempt to crack the hash using sites such as;

https://crackstation.net/

and

https://hashes.com/en/decrypt/hash

or use such hash cracking tools as John the Ripper or hashcat.

In some cases, the data dumps include other key information. In this dump, the account name, username and IP address are revealed.

This dump from Mathway, included names, Google and Facebook ID’s, email addresses, salted hashes and IP addresses.

Step #2: Try Another Email

Let’s now try another. This one belongs to a colleague, Mick Scott. His email address, as you might expect, is [email protected]. When we enter it into dehashed, it returns numerous results. When we click on the first result from a data dump of CouponMom.com from 2014, we can see that his password was dumped in plaintext “redinuzi17” Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Other dumps reveal another password “fender8”.

In another dump, his password was dumped as a hash.

Of course, the user is probably no longer using these passwords but human beings–as we know–tend to use a version of their old passwords. That is where tools such as crunch are so useful in creating variations of a password.

Summary

Whether you are doing an OSINT investigation or a penetration test, finding the credentials of your target can be critical to your success. Although a number of tools are available for obtaining breached credentials from data dumps, dehashed.com may be the best and fastest. Although it is not free, it is inexpensive and may very well be a good investment if you are working as an investigator or information security assessor/pentester Open Source Intelligence (OSINT) Finding Breached Email Addresses .

pen-supply intelligence or OSINT is a strong method, and it could deliver a lot of valuable statistics, if implemented efficiently with the right approach and accurate gear. In this newsletter, i will show you ways a hacker can get passwords of hundreds of email addresses without attacking the webserver or without using every other hacking technique; however, just the usage of the power of OSINT.

you may put into effect all of the techniques mentioned in this article manually; but, to decorate the operation and to maximize the result, we are able to utilize Maltego along with an internet service known as Have I been Pwned Open Source Intelligence (OSINT) Finding Breached Email Addresses ?

table of Contents
get right of entry to the Hacked Passwords Systematically
Step 1: Getting electronic mail addresses the usage of the e-mail harvesting tool, theHarvester
Step 2: importing the information into Maltego for in addition evaluation
Step three: find the breaches wherein the target e-mail addresses appeared
Step four: discover the obvious textual content Passwords of the Hacked e mail addresses
Step 5: try to report it to the authority
Endnote
access the Hacked Passwords Systematically
Blackhat hackers typically submit and publish statistics after hacking a webserver; as an example, they dumped Linkedin hacked bills and others. permit’s simply fetch all this treasured facts smartly. equipment used in this newsletter:

theHarvester
Maltego
Have I been Pawned
i have mentioned the configuration of Maltego with Have I been Pawned earlier than; so, allow’s just bypass this component.

Step 1: Getting e-mail addresses the use of the e-mail harvesting device, theHarvester
As a starting point, permit’s seek the google for email address the usage of theHarvester device.

# theHarvester -d hotmail.com -b google

Getting e mail addresses the use of the e-mail harvesting device, theHarvester

you may use any agency’s area or another specific target, if you have. A fundamental seek gave us lots of information (fifty four e mail addresses) to begin. permit’s replica some of them into the CSV report and import them into Maltego for in addition evaluation Open Source Intelligence (OSINT) Finding Breached Email Addresses . The cause for copying a few is the benefit of retaining the operation due to the fact, inside the Maltego, you will see a large connection of only some e-mail addresses.

Step 2: importing the information into Maltego for in addition analysis
uploading the facts into Maltego for in addition analysis

i am selecting the manual alternative, so no previous connection.

i’m deciding on the guide choice, so no previous connection. Step three: locate the breaches wherein the goal email addresses appeared
choose all the e-mail addresses, considering the fact that i have most effective imported eleven of them, and run the Have I been Pawned transform to check whether or not the goal email addresses been hacked before or now not. If it isn’t always the part of any breach, then just drop it; it’s of no use Open Source Intelligence (OSINT) Finding Breached Email Addresses .

locate the breaches wherein the goal electronic mail addresses seemed

There we are able to see so many e mail addresses appeared in lots of breaches. i’ve dropped a few, e-mail addresses out of eleven due to the fact they did no longer appear in any breach. remember the fact that we’re simply gathering information, no longer hacking or immediately attacking any server; so, if an email became not got hacked earlier than, it received’t be beneficial for us Open Source Intelligence (OSINT) Finding Breached Email Addresses .

electronic mail changed into now not were given hacked beforeStep four: discover the apparent text Passwords of the Hacked e mail addresses Open Source Intelligence (OSINT) Finding Breached Email Addresses
The maximum common practice in the enterprise is to stick or dump the hacked e-mail addresses info into Pastebin; it’s far a website in which you could store text for some unique time. This time, allow’s execute the 2nd remodel:

find the apparent text Passwords of the Hacked e-mail addressesEach e-mail addresses appearing in lots of Pastebin textual content Open Source Intelligence (OSINT) Finding Breached Email Addresses .

every email addresses performing in lots of Pastebin textual content.Open any Pastebin URL and examine the information.

Open any Pastebin URL and analyze the dataWahoo, very recent data with the obvious textual content password, email account, and the expiry date of a particular subscription, the blackhat men use this facts to ask a ransom. A not unusual guy does not recognise that a person published his personal statistics on-line Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Step 5: try and file it to the authority
Being a accountable cybersecurity expert, you must inform the authority or at the least make certain that the hacked website or service ought to notify about converting the password to all its participants Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Endnote

As you may see, the electricity of open-source intelligence gathering (OSINT), and we have commenced with only a random electronic mail obtained from the Google seek. believe a malicious character with evil reason can do OSINT research towards any particular goal, allow say an agency to check the worker info and feasible passwords. And as soon as the evil person were given the password, he can in addition dig into the corporation confidential statistics, or he can send his malware and backdoor to hack the whole agency. we have covered a comparable story; you should this out Open Source Intelligence (OSINT) Finding Breached Email Addresses .

OSINT investigators have a few seed statistics after they begin an investigation, as an instance they may start with an e-mail cope with. while we behavior OSINT investigations, having a goal’s electronic mail address can on occasion bring about locating a goldmine of facts approximately the consumer of that email. The reason can be to find as a good deal facts about a target’s e-mail which includes finding out what websites have registered accounts after which know-how what meaning for that target. This blog post covers my top five preferred OSINT assets while working with electronic mail addresses Open Source Intelligence (OSINT) Finding Breached Email Addresses .

let’s look at a few powerful OSINT equipment that reveal where email addresses had been used and offer extra statistics associated with that e-mail cope with, consequently giving us more information to research.

1. Epieos https://tools.epieos.com/e-mail.Hypertext Preprocessor is an account finder device that reveals account statistics without notifying the person. whilst you enter an electronic mail and complete the captcha, you get hold of effects of wherein that email has been used online. In the example mentioned below, it shows that the searched e-mail has accounts at the web sites Twitter, Spotify, Nike, Google, Eventbrite and Amazon. As an OSINT individual this tells me I must try to discover if the profiles on those web sites can be located via the usage of a seek engine or going at once to the site Open Source Intelligence (OSINT) Finding Breached Email Addresses .

instance:

OSINT Avenues:

discover in which an electronic mail deal with has bills
Pivot on that facts to locate more records about that account and person as an instance, if the user has Google maps reviews which can also screen connections to other humans or businesses.
If there’s an photograph within the Epieos results, proper click and open in a new tab to get a larger photo
reverse seek that photograph to peer in which else it exists online
2. Skype seek via the Skype App and it permits you to look for not best e mail addresses but names, usernames and contact numbers to see if they’re related to a Skype profile. As referred to in the instance beneath, we look for an electronic mail and find a profile related to the email Open Source Intelligence (OSINT) Finding Breached Email Addresses .

example:

look for an e-mail and discover a related Skype profile.

Skype username and birthday.

OSINT Avenues:

locating an account related to a target can also monitor the subsequent information which can help with building up a profile on a target:

Profile call
Profile picture
Username
Birthday
area

 Whoxy https://www.whoxy.com is a internet site related to several WHOIS associated searches.

My favourite one is the opposite WHOIS lookup for locating web sites related to electronic mail addresses. word that opposite WHOIS can also display historical statistics that isn’t always always legitimate so it’s essential to affirm your findings. In the instance below, from the dropdown search pick out “electronic mail deal with”, input an e mail and click on search Open Source Intelligence (OSINT) Finding Breached Email Addresses . The outcomes show a internet site associated with that e-mail cope with. this is in which you would conduct studies on this website and who might be associated with it. If the web page is now not to be had on-line, I endorse looking at the Wayback system to see if it became captured there Open Source Intelligence (OSINT) Finding Breached Email Addresses .

instance:

OSINT Avenues:

find websites associated to a goal email
Pivot at the internet site data to discover more data approximately it.
Use the Wayback system to find historic captures of the web site.
4. HaveIBeenPwned https://haveibeenpwned.com is a website to check if an e-mail or phone range was part of a facts breach. In the example beneath we entered a target’s e mail deal with and discovered out there’s been nine information breaches associated with this e mail cope with. The results suggest structures such as Dropbox, Epik, and LinkedIn which tell us this target has or had profiles setup on those platforms Open Source Intelligence (OSINT) Finding Breached Email Addresses .

instance:

HaveIbeenpwned.com search field

results from HaveIbeenpwned.com

OSINT Avenues:

find out wherein an e mail address has or had profiles Open Source Intelligence (OSINT) Finding Breached Email Addresses .
Pivot on that statistics by means of searching on those structures if there’s any open statistics approximately the goal.
five. That’s Them https://thatsthem.com is a people seek engine that lets in you numerous exclusive ways inclusive of thru email deal with. The outcomes can vary from precise information about a goal or minimal facts in which the website online redirects to a provider that desires you to pay for the search results. i have now not used the paid approach as I frequently find beneficial effects inside the loose version. commonplace effects encompass: the proprietor’s name, vicinity and phone number. hold in thoughts those results are for folks who live in the usa Open Source Intelligence (OSINT) Finding Breached Email Addresses .

instance:

Thatsthem.com seek container

results from Thatsthem.com

OSINT Avenues:

find the call of the individual the usage of an email cope with.
find the area, telephone number and different vital details associated with the email cope with.
Pivot on the information in the outcomes, meaning take the records and search in other locations such as Google and Bing Open Source Intelligence (OSINT) Finding Breached Email Addresses .
I recognise I stated five assets for e-mail addresses however here’s any other one for top success!

keep in mind MySpace?!! nicely, alot of human beings nonetheless have profiles on that platform so that you can sometimes discover a person’s antique profile, if they left it up, and on occasion you could locate published photos and connections to human beings.

input the following URL to your browser: https://myspace.com/search/[email protected]

and update “[email protected]” with the target’s e mail deal with Open Source Intelligence (OSINT) Finding Breached Email Addresses .

instance:

published pictures from MySpace associated with the e-mail cope with searched Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Connections to human beings on this MySpace profile.

irrespective of the OSINT gear we use, it’s critical to have the capacity to articulate, i.e. explain the why, what, and the way of your movements when engaging in on-line research. this means being thorough with knowledge the OSINT tools you use and the way they paintings Open Source Intelligence (OSINT) Finding Breached Email Addresses .

It’s helpful to arrange your OSINT equipment. I organize mine in keeping with the searchable data kind i’ve (e-mail cope with, phone wide variety. etc). That way when i have the task of looking handiest the use of an email deal with, i’ve the listing of assets on the way to deliver me a place to begin. take into account to add those 6 sources in your OSINT lists when seeking out records associated with an e mail deal with Open Source Intelligence (OSINT) Finding Breached Email Addresses .

Sources