Gathering Sensitive Information: Scouting Media Profiles for Target Information
Here I will show you how to properly dig information on the web that has already been published, you just dont know it.
Well, as many of you might or might not know, many and I mean many people do actually keep info on their profiles that they do not need to keep on their. Their profile won't crash if they remove it, yet they dont even think about it.
This type of info varies from phone numbers to emails addresses etc.
Now, I will teach you how to find this info to fill out your DoX.
Well, since we already have Michaels full name and know a little bit more, we'll be able to narrow our searching tremendously. First it'd be clever to do an advanced search query on Google.
It's good to know before hand that you obviously won't stumble upon a bank account by doing this, just so you dont get disappointed (you never know)
However, you will and can still find very useful info that we have yet to obtain.
You might already be aware of this, because this is quite the basic of this process, however it is still worth mentioning.
On Facebook, many people have and might still have their email & number listed on their About section. Which is unnecessary, however some don't care to remove it. And that in our case, makes it pleasant for us because we can now easily get Michael's email and phone number from his Facebook page.
However, this epidemic of carelessness might not be present anymore, might depend on where you live or what not, I dont know.
Even on Twitter, some people have maybe a website listed there because they want to promote whatever business they have going, or work for. This makes it a GOLD MINE for us, because we can then 'attack' or at least recon this website for IP addresses and all that good stuff there, and go straight to the source of our mission.
Again, some might have some info listed, and some won't. People have actually become more aware of what they have on their profiles, at least in my experience.
During this process you will come across many websites that contain your targets information, trust me I know this first hand. This can be very basic information, to more complex info, which is useful either way for us.
What I mean more precisely by this, is that when you are searching on Google with advanced search queries, you will narrow it down to specifically the person you are seeking, and therefore you will hopefully get some websites appearing, social media profiles you didnt know he/she had. And who knows, maybe even some very old profiles the person didn't delete.
You can come across old addresses, and if you are very lucky maybe even a neighbor, and that can also be useful if you are willing to put a little more effort into your quest.
Let's now go over how to grab info from a website.
Here we'll be going more technical and will be needing some hacking tools, such as Kali Linux, or just nmap really. Scanning the website for ip addresses, DNS, ports, all of that basic stuff.
(This step is of course if you are planning on attacking this website)
After that we will look for some vulnerabilities to this website.
Here it varies on the vulnerabilities this website have, and your plan of attack will have to based upon those results.
Gaining admin privileges is a very difficult thing to do, but if you can accomplish this, everything from here will be a cake walk, because you will have everything at your disposal.
That is a simple process of how you could gather useful DoXing information from a website if you are going to attack it, and if you dont want to attack it of course.
Hope i'll see you in the next tutorial for this series as it will continue.