.

Hacking (harvesting) email addresses tutorial please!

<<

Sistem74

Newbie
Newbie

Posts: 2

Joined: Sat Sep 05, 2009 3:40 am

Post Sat Sep 05, 2009 3:45 am

Hacking (harvesting) email addresses tutorial please!

Hallo,

I have Ecrawl and Atomic Email Hunter to harvest email addresses but they all suck.

How can I get into a site and collect email addresses? Any tutorials?

Thank you!
<<

LSOChris

Post Sat Sep 05, 2009 8:30 am

Re: Hacking (harvesting) email addresses tutorial please!

wget & grep  + brain ?!?
<<

don

User avatar

Administrator
Administrator

Posts: 4262

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 05, 2009 10:00 am

Re: Hacking (harvesting) email addresses tutorial please!

Not what we do here at the 'Ethical' Hacker Network.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

don

User avatar

Administrator
Administrator

Posts: 4262

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 05, 2009 2:42 pm

Re: Hacking (harvesting) email addresses tutorial please!

After a great offline discussion with an EH-Net Member, I unlocked this topic. Let's see where it goes. Hopefully it stays within the legal realm of pen testing.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1187

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Sep 05, 2009 3:14 pm

Re: Hacking (harvesting) email addresses tutorial please!

Chris G's method would be great, I'll have to add it to my list.  Google + site's domain name would be another way. 1 search google for just the site, 2 search google for just the @domain_name.

I think the big question is though, why do want the email address?

From a pentest perspective, I could see collecting the different email addresses for trying to get possible log in names, or people in the company to try and impersonate for Social Engineering.

From a security standpoint to see if people are spoofing your comapny / found an open relay.

From a non-security related world, the only legal reason I could see doing this would be for an EECB (Executive Email Carpet Bomb). http://consumerist.com/259713/how-to-launch-an-executive-email-carpet-bomb

There are other methods, if I recall correctly, covered in Hacking for Dummies. But you really should only try to get email address for ETHICAL reasons. Spamming people is bad. Trying to get the information for just showing of is bad too.
OSWP, Sec+
<<

ethicalhack3r

Full Member
Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Sat Sep 05, 2009 7:08 pm

Re: Hacking (harvesting) email addresses tutorial please!

Dont forget Maltego!  :)
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Sat Sep 05, 2009 10:27 pm

Re: Hacking (harvesting) email addresses tutorial please!

theharvester.py is the best tool for the job most of the time.

Also maltego and BiLE suite can help with it.
<<

Sistem74

Newbie
Newbie

Posts: 2

Joined: Sat Sep 05, 2009 3:40 am

Post Sun Sep 06, 2009 1:53 am

Re: Hacking (harvesting) email addresses tutorial please!

Thanks you guys. Very interesting answers.
<<

LSOChris

Post Sun Sep 06, 2009 7:53 am

Re: Hacking (harvesting) email addresses tutorial please!

don wrote:Not what we do here at the 'Ethical' Hacker Network.

Don


what don? use our brains? yes we do!  ;D
<<

LSOChris

Post Sun Sep 06, 2009 7:59 am

Re: Hacking (harvesting) email addresses tutorial please!

a more serious answer would be...

1. maltgeo

2. theHarvestor (there are a couple of other google email crawlers most outdated based on google changing the way they return results)

3.  google for target site:blah.com @blah.com (doesnt work so great anymore though)

4. use webbrowser + brain to figure out email naming convention of target

5. use metagoofil to extract metadata and usernames

6. either programatically or by hand join 1-5 together for your hopefully authorized SE activity.
Last edited by LSOChris on Mon Sep 07, 2009 1:52 pm, edited 1 time in total.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1254

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Sep 06, 2009 12:52 pm

Re: Hacking (harvesting) email addresses tutorial please!

I would recommend metagoofil and Maltego as well.

Haven't heard of theharvester.py before, but will look at it; thanks for mentioning.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 929

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Sep 06, 2009 2:40 pm

Re: Hacking (harvesting) email addresses tutorial please!

I haven't done too much in this realm, but I've had some surprising results with a couple of simple google searches. '@domain.tld' can bring some good results. For larger volumes of results I'll second (third? fourth?) theharvester.py.

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software