Sunday, January 1, 2017

What is Social Engineering/Doxing?



Use of Doxing:
  • Hackers can track Innocent peoples data and hack their accounts.
  • Security Experts can trace the Hackers(can trace some innocent hackers only,N00bs). This will be helpful for solving Cyber Crime cases.

Definiton of Doxing:
Doxing is derived from Document Tracing. Doxing is tracing the information from internet resources about particular person.
Usually internet users left their information(like gender,name,city,..) in some websites(like social network,..).  So using some searching Techniques, we can gather complete data about a person.  This type of searching(tracing) is known as Doxing. This data can be used to hack their account or trace them.
What you can find using Doxing?
  • Real Name, age,gender
  • Email id, registered websites
  • Social Network Page(facebook,twitter links)
  • Address, Phone Number
  • Parent’s Names and their Jobs
  • Place of Education (School/University etc.)
  • Relatives
  • and more data
From where you are going to start?
Yes, if you know person real name, then start from his name.  If you know the username then start from there. or if you know any other data, start from there  Using name or username , search for other information in google.
How to do Doxing?
Just assume you want to gather information about one of forum member.  Let us assume his username is peter.  If you search in google as “peter” , you will get thousands results about peter. So what you are going to  do?
You have to some other information about peter in that forum itself.  For example , You got his birthday.  Now you can continue your searching with “peter xx/xx/xxx”.  This will reduce the resutls.
Not only birthday, you can use some other info like signature.  For example if he put signature in forum as “Dare Devil”.  You can continue searching using “Peter Dare Devil”.  This will reduce the Results.
Sometime your target person registered in multiple forums, websites,social networks… So while searching ,you will get result of registered website of him using that username or info.
Read Each posts of target person, he might left some more information about him any one of forums or websites.
Using Email Address for Tracing:
If you got the email address of target person, it is much easier to trace the person. You can search using in the following sites. you may get some data.
Websites that will be useful for Doxing:
www.myspace.com
www.bebo.com
www.facebook.com
www.google.comwww.wink.com
www.123people.com
www.zabasearch.com
What is Doxing?
"Doxing" is the act of finding out ones personal information (Name,address,phone#) from some kind of online account. Anonymous is legend for working together to Dox people that commit some kind of crime.
Where to start?
Here is a small list of sites to try once you have something to go on.
http://www.pipl.com/username/
http://checkusernames.com/
Both of these sites can help you find sites that your target has registered on (assuming the username is not incredibly common). Pipl.com can also help you once you find out information like First/Last name or Phone number.
http://www.fonefinder.net
This site can help you once you find the phone number, even if it is a cellphone you can still narrow down the location of the user. It never gets the town perfect but it DOES give you the correct state, general location, and service provider of the phone(which may help you with social engineering).
http://www.tineye.com/
GREAT resource. Upload or link to a picture on this site and it will find matches on the internet, even if the match is not 100% perfect. So take for instance someone's Facebook picture, using this you may find their myspace or accounts elsewhere.
http://www.intelius.com/
An all around person search; criminal records, email, social networks, phone numbers.. ect.
In my experience not always the best however worth noting. You can find any other site related to target person and search for his data.
Doxing needs Intelligence:
Doxing needs Intelligence and searching ability.  You have to guess where to search and what to search about person.  Depending on searching ability, you will get what you required.
Security Question:
Hacker can get the victim’s security question answer using doxing.
For example, if your questions is “What is your pet?”, he may guess. He will search with email or username . you may left your my pet is xxx. So now you are the victim.
Dictionary Attack:
Hackers can gather information about the victim and create a dictionary file(wordlist) for a target person alone.  Using that dictionary file , he can crack your passwords.
Conclusion:
Doxing is one of powerful hacking method.
Security Tips of Users:
Don’t use Internet.  This is best security tip because your data can be traced by anyone.  sounds crazy?! No one like to leave the Internet.  So  i am giving some other tips for you.
  • Be careful when you give information in internet.
  • Use very Strong passwords .
  •  Don’t set Stupid security Question for account.

2 comments:

  1. traders insurance is a well-reputed platform that has been providing multiple insurances to those who have big plans.

    ReplyDelete
  2. FULLZ AVAILABLE WITH HIGH CREDIT SCORES 700+
    (Spammed From Credit Bureau of USA)

    =>Contact 24/7<=

    Telegram> @leadsupplier
    ICQ> 752822040
    Email> exploit.tools4u@gmail.com

    FRESHLY SPAMMED
    VALID INFO WITH VALID DL EXPIRIES

    *All info included*
    NAME+SSN+DOB+DL+DL-STATE+ADDRESS

    Employee & Bank details included
    CC & CVV'S ONLY USA $8 FOR EACH

    $1 for SSN+DOB
    $2 for SSN+DOB+DL
    $5 for High credit fullz 700+
    (bulk order negotiable)
    *Payment in all crypto currencies will be accepted

    ->You can buy few for testing
    ->Invalid or wrong info will be replaced
    ->Serious buyers needed for long term
    ->Very fast delivery

    PLEASE DON'T ASK ANYTHING FOR FREE

    TOOLS & TUTORIALS AVAILABLE FOR SPAMMING & HACKING

    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SQL Injector = 250$
    Premium Accounts (Netflix, coinbase, FedEx, Pornhub, etc) =25$
    Paypal Logins = 150$ (10 Logins)
    Bitcoin Cracker = 500$
    SMTP Linux Root = 300$
    DUMPS with pins track 1 and 2 = 85$
    Socks, rdp's, vpn = 25$
    Php mailer = 25$
    Server I.P's = 100$ (1k ip's)
    HQ Emails with passwords = 100$ (1k emails+pass)

    *If you need a valid vendor it's very prime chance, you'll never be disappointed*

    Telegram> @leadsupplier
    ICQ> 752822040
    Email> exploit.tools4u@gmail.com

    ReplyDelete