HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 36 guests and 2 members online
 
Advertisement

You are here: Home arrow Resourcesarrow Tutorialsarrow Hacking (harvesting) email addresses tutorial please!
EH-Net
May 18, 2013, 08:34:20 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Hacking (harvesting) email addresses tutorial please!  (Read 11072 times)
0 Members and 1 Guest are viewing this topic.
Sistem74
Newbie
*
Offline Offline

Posts: 2


View Profile
« on: September 05, 2009, 03:45:32 AM »
Hallo,

I have Ecrawl and Atomic Email Hunter to harvest email addresses but they all suck.

How can I get into a site and collect email addresses? Any tutorials?

Thank you!
Logged
LSOChris
Guest
« Reply #1 on: September 05, 2009, 08:30:39 AM »
wget & grep  + brain ?!?
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #2 on: September 05, 2009, 10:00:18 AM »
Not what we do here at the 'Ethical' Hacker Network.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #3 on: September 05, 2009, 02:42:01 PM »
After a great offline discussion with an EH-Net Member, I unlocked this topic. Let's see where it goes. Hopefully it stays within the legal realm of pen testing.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
chrisj
Hero Member
*****
Offline Offline

Posts: 1163


View Profile WWW
« Reply #4 on: September 05, 2009, 03:14:57 PM »
Chris G's method would be great, I'll have to add it to my list.  Google + site's domain name would be another way. 1 search google for just the site, 2 search google for just the @domain_name.

I think the big question is though, why do want the email address?

From a pentest perspective, I could see collecting the different email addresses for trying to get possible log in names, or people in the company to try and impersonate for Social Engineering.

From a security standpoint to see if people are spoofing your comapny / found an open relay.

From a non-security related world, the only legal reason I could see doing this would be for an EECB (Executive Email Carpet Bomb). http://consumerist.com/259713/how-to-launch-an-executive-email-carpet-bomb

There are other methods, if I recall correctly, covered in Hacking for Dummies. But you really should only try to get email address for ETHICAL reasons. Spamming people is bad. Trying to get the information for just showing of is bad too.
Logged
OSWP, Sec+
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« Reply #5 on: September 05, 2009, 07:08:38 PM »
Dont forget Maltego!  Smiley
Logged
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #6 on: September 05, 2009, 10:27:54 PM »
theharvester.py is the best tool for the job most of the time.

Also maltego and BiLE suite can help with it.
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
Sistem74
Newbie
*
Offline Offline

Posts: 2


View Profile
« Reply #7 on: September 06, 2009, 01:53:32 AM »
Thanks you guys. Very interesting answers.
Logged
LSOChris
Guest
« Reply #8 on: September 06, 2009, 07:53:35 AM »
Quote from: don on September 05, 2009, 10:00:18 AM
Not what we do here at the 'Ethical' Hacker Network.

Don

what don? use our brains? yes we do!  Grin
Logged
LSOChris
Guest
« Reply #9 on: September 06, 2009, 07:59:45 AM »
a more serious answer would be...

1. maltgeo

2. theHarvestor (there are a couple of other google email crawlers most outdated based on google changing the way they return results)

3.  google for target site:blah.com @blah.com (doesnt work so great anymore though)

4. use webbrowser + brain to figure out email naming convention of target

5. use metagoofil to extract metadata and usernames

6. either programatically or by hand join 1-5 together for your hopefully authorized SE activity.
« Last Edit: September 07, 2009, 01:52:24 PM by ChrisG » Logged
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #10 on: September 06, 2009, 12:52:57 PM »
I would recommend metagoofil and Maltego as well.

Haven't heard of theharvester.py before, but will look at it; thanks for mentioning.
Logged
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #11 on: September 06, 2009, 02:40:13 PM »
I haven't done too much in this realm, but I've had some surprising results with a couple of simple google searches. '@domain.tld' can bring some good results. For larger volumes of results I'll second (third? fourth?) theharvester.py.
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.08 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.