How To: Gathering Sensitive Information: Basics & Fundamentals of DoXing

Gathering Sensitive Information: Basics & Fundamentals of DoXing

Gathering Sensitive Information: Basics & Fundamentals of DoXing

I mentioned in 2015 I wanted to start a 'DoXing' series, and since I havent seen this on Null Byte, I am now going to introduce this to the community.

What Is DoXing?

DoXing is a term we hackers use when gathering information on a target such as a company or more likely an individual. DoXing is usually meant for malicious intents, however this can most definitely also be used in a very good way, such as tracking down terrorists, and wanted black hat hackers.

DoXing is short for Documents > Doc = DoX.

DoXing isnt just typing words in Google or a different search engine.

Understanding Where to Look:

When gathering information on a target, it would be good to do some recon first on your target. Get familiar with them, know who they talk to, where they communicate, what social media platforms they use, that way your methods of obtaining sensitive information will be more effective.

Something that many doesn't realize is that the nformation you are seeking is always stored somewhere, you just need to look harder. if Google or Yahoo doesnt have it, then it is likely stored in a database, which then goes beyond the area of DoXing and more into cracking.

When DoXing someone you usually get all your information without having to crack into your targets devices or private servers.

It is actually legal to release DoX of individuals and whomever you wish, because the information you are obtaining are public

So you won't get in jail for releasing a DoX. Yes, I am not kidding.

Sometimes you will have to reach out to your target in order to obtain an IP address for example. You can do this by for example sending them an IP harvesting link. If you know the individual in person this wont be at all suspicious.

How to Look:

Even though you have your targets first & last name, you still need to know how to properly use this information in order to obtain more, and using that info to get even further, and so on.

Luckily we have search engines which are powerful because they hold a lot of valuable information to a curious information seeker. So, how would you seek more information when having first & last name, in this case lets say our targets name is Michael Oregon. And all we know about this individual is how he looks like, which gives us a great advantage of finding his social medias.

Google

When looking for info on Google, you can use something called advanced search queries They are able to find more precise information.

An example would be: @MichaelOregon or @(city/country) Michael Oregon. That way you narrow it down tremendously, and exclude any useless article that might contain the word Michael or Oregon.

There are even more advanced queries than these which I will cover in future articles.

DoXing Format:

I'm ending this with how a DoXing format can look like. Keep in mind they can be very basic, to very very advanced. It can be scary how much an advanced DoXing format can look like, because the average internet user isnt aware of how much sensitive information that person have.

DoXing, would also be considered Passive Reconnaissance, because you are obtaining all of this info without your target knowing so.

I have created a very basic DoX format which any decent hacker would be able to furfill Beginner DoX

This is a little more advanced DoX and requires little more skill to furfill in my opinion. Advanced DoX

This one is very advanced and it takes a lot of knowledge and skill to complete this, because you need to know what you are doing to obtain this information. Veteran DoX

Disclaimer: this is not for malicious purposes I am teaching you this, and I do not support any unethical use of these formats. I am planning on teaching you how to avoid getting DoXed in the future also.

Hope you are excited for this series, as I now officially have three series going, TypoGuy Explaining Anonymity which is almost finished, Gathering Sensitive Information which is just started & Keeping your Hacking Identity Secret which is also just started.

14 Comments

One mistake: releasing a dox CAN be illegal! It is completely legal to just dox someone (because like you said, the info is public), but it may be illegal to release a dox publically, depending on the content and the way it is published. It usually falls under "naming & shaming".

-Phoenix750

Many people have argued with me about DOXes (especially leaking IP's) as "illegal". I think the legality depends more along the lines of the intent.

Shame/defacement is again based on intentions.

yeah I've yet to heard of one person going to jail for Doxing. If pple were being sent to jail for consolidating information that can otherwise be publicly found elsewhere, we'd all be in jail. If the DoX contains PII or credit card information, that's another thing. Defacing property- virtual or otherwise- is always illegal. You can shame pple as much as you want as long as the information you're shaming them about is true. If it is not true, and the target party can PROVE it's not true, then you open yourself up to being sued for slander or libel, depending on the status of individual you're targeting (private citizen vs public authority)

there is no such law about "naming and shaming". There ARE laws against defamation, libel and slander but if all you're doing is posting information that can already be publicly found then, you're not doing anything more than consolidating the information.

very correct, however some information is stored with some sort of protection, and releasing such info would be illegal.

You are completely correct, I should have added a little more in depth in that statement

I hope to see more of this series in the future, and I hope you'll eventually tie DoXing into social engineering.

-Defalt

I will definitely remember that and take that to use in future posts.

I'm curious on how we can apply doxing to get better results with CUPP. Do you plan on covering that, TypoGuy?

-Phoenix750

I am not much familiar with CUPP, so it would be slightly difficult for me to properly explain that area, so feel free to make a tutorial on that.

CUPP is very simple to use, really. Check out the tutorial I linked.

-Phoenix750

TypoGuy you've returned!

Here's another powerful tool to add to your Dox arsenal:
profileEngine.com
It's a bit like the "Way Back Machine" ( archive.org/web/ ) but for... profiles.

Share Your Thoughts

  • Hot
  • Latest