This is the second post in my series on finding hacked accounts online. Please do read part 1 of the series at https://null-byte.wonderhowto.com/how-to/find-hacked-accounts-online-part-1-haveibeenpwned-0164611/
In this post we will explore more about finding hacked accounts online, what to look for in pastes, discarding pastes which are not useful, testing samples from pastes, and more. Please note that practice is the key here. The more you do it, the more successful you will be in finding what you are looking for. Below is the method that I follow when I go looking for information. Over time and with practice you'll be able to find out what works best for you.
NOTE: Please note that this article is for information purposes only and please do not put it to illegal use whatsoever. You can get tracked if you do not know what you are doing.
What are we looking for?
It depends. There is a lot of information out there, and we just want to filter it and focus on what we need. You will find more information out there than just credentials (usernames and passwords), but we will only focus on those for the sake of this article. Other information you will find includes credit card numbers, DOXED info, SSNs, bitcoin accounts, and many more…
Use VPN connections for browsing and incognito/private mode on your browsers. You don't want to mess up your cookies, and of course beware of tracking.
As I have said before, this is what I do, so you are free to do whatever you feel serves you best. Open the top 10 (or top 5) pastes in different tabs. Now go to each tab, have a look at the contents, and close the tab or keep it open based on the information discussed below. Always remember to scroll through the page and check all the contents before closing the tab.
Just email addresses: It's not what we are after so just close these pastes without wasting time.
Hacking notices: Just read the notice and find out what it lists. Sometimes the data is included there, and sometimes it's just links to legitimate or fake sources. Be cautious of what you download and open; these may very well be traps for users who do not know what they are doing. So remember the golden rule: if the info is not on the paste itself, just close the damn tab.
Data in other formats: Such as a database dump, encrypted passwords, or a data dump for a specific site etc. Keep the tab open and proceed to the next tab.
Great, we have filtered out some of the garbage and now have some potential pastes which we can proceed with.
Let's examine one of our tabs with a list of usernames and passwords in plaintext.
Finding legitimate passwords: Read through the usernames and passwords of some of the list entries. If most of the passwords listed are simple and repeated multiple times, you can close this tab too. We are not afraid of closing tabs as we have plenty of data to play with, so do not hesitate if you don't get the right information. Examples of simple passwords: 12345, password, same password as username, up to 5 random letters or numbers etc.
Getting password hashes: Sometimes hashed passwords will be listed instead of plaintext. To get around these, use https://crackstation.net/
Just copy and paste ten hashes from the dump and click crack hashes; you will get the result in a snap. Just remember that not all hashes will result in revealing passwords.
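Why a lookup service resolves some leaked hashes and not others comes down to how the site stored them. The following is an added example written for this edit, not code from the original post or from CrackStation: it stores the same constructed user passwords once as unsalted MD5 and once as salted PBKDF2, then checks both against a small precomputed table. The word list, function names and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a precomputed lookup table (hash -> plaintext).
COMMON_PASSWORDS = ["12345", "password", "qwerty", "letmein"]
LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def store_unsalted_md5(password):
    """Weak storage: fast and unsalted, so equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()

def store_pbkdf2(password, salt=None, rounds=600_000):
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"

def verify_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    _, rounds, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)

def resolved_by_lookup(stored_values):
    """Count stored values that a precomputed table resolves directly."""
    return sum(1 for value in stored_values if value in LOOKUP)

def leak_exposure(passwords):
    """Compare what a leaked user table reveals under each storage scheme."""
    weak = [store_unsalted_md5(p) for p in passwords]
    strong = [store_pbkdf2(p) for p in passwords]
    return {
        "md5_resolved": resolved_by_lookup(weak),
        "md5_distinct": len(set(weak)),       # shared passwords are visible
        "pbkdf2_resolved": resolved_by_lookup(strong),
        "pbkdf2_distinct": len(set(strong)),  # salts hide shared passwords
    }

if __name__ == "__main__":
    # Constructed user table: two users share a common password.
    print(leak_exposure(["password", "password", "T7#vq-long-unique-phrase"]))
```

With unsalted MD5, both copies of the common password resolve from the table and are visibly identical in the dump; with a per-user salt and a slow KDF, nothing resolves by lookup and the shared password is not apparent.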
Finally, you will have some of the tabs open with credentials you can try to log into. Pick a username and password and try to log into the service. Depending upon the source you may or may not be able to get in.
- A note about Google accounts: Believe it or not, if you find a Gmail account it's not that easy to get in even if you find the correct password. Google tracks everything and will throw up a challenge or something to prove that you are a legitimate user. That does not mean they cannot be hacked; it's just something to keep in mind.
- Same password on multiple services: No matter how many times it is repeated, people use the same password for multiple sites. So you can take your wins to the next level by trying the same password on multiple services.
- Accounts on the main services (Google, Yahoo, Hotmail, Outlook etc.) are harder to get into, so look for accounts with other services which are not that secure, like emails ending with .edu or .net etc.
- Use the Ctrl + F keys on your keyboard to look for specific text on a page with a long list of entries.
Do give Kudos if you liked this article. In the next part we will look more into other sources we can get juicy information from, how to proceed with it, and finding juicy info in pastes which were deleted by Pastebin.
EDIT: Part 3 is live now on https://null-byte.wonderhowto.com/how-to/find-hacked-accounts-online-part-3-cached-pages-0164614/