Follow us on Twitter!
It is never to LATE to become what you never WERE.
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 74
Guests Online: 73
Members Online: 1

Registered Members: 82803
Newest Member: Tired_of_being_ignorant
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-10-08 11:43
Hey guys,

I read the article on data mining and found that it was pretty basic, and checked out Intelius. so,

1. How does Intelius get all that info? I really don't want to shell out 100 bucks for two people, can I do a more manual search of online public records that Intelius draws upon, if so, any ideas where to start?

2. Does anybody know where I can get some more advanced data mining material?

I am trying to dig up as much dirt on two corporate members as I can.

Very much appreciated,

whitecell
Author

RE: Data Mining

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 13-10-08 21:44
Ask Maug.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 00:34
Thanks spyware I PMed him, and hey moshbot are you good with google hacks. Could they help with data mining?
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 04:30
Alright I have begun the Google hacking experience. How can I get past a 403 forbidden page? URL hack of some kind?
Author

RE: Data Mining

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 14-10-08 04:31
whitecell wrote:
Alright I have begun the Google hacking experience. How can I get past a 403 forbidden page? URL hack of some kind?


Special laserbeam cannon should do it.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 04:33
whitecell wrote:
Alright I have begun the Google hacking experience. How can I get past a 403 forbidden page? URL hack of some kind?

403 is an .htaccess-protected folder. You could start by trying to find that. Also, LFI attacks can circumvent that.


Author

RE: Data Mining

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 14-10-08 04:34
Wow, I learned something today, never put that together (LFI & 403's). Makes sense though.


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 05:01
Zephyr_Pure wrote:
403 is an .htaccess-protected folder. You could start by trying to find that. Also, LFI attacks can circumvent that.

Don't many sites store .htaccess and .htpasswd files below the root directory? I guess LFI could still exploit it though.
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 05:18
Hit NurBo up he'll attempt to do it for free



Postby NurBo on Mon Oct 13, 2008 4:51 am
- [ Basic Google Profiling
Author: NurBo
Msn: wakeupneo@live.com

$_Introduction
$_Basic Profiling
$_Social Accounts
$_Ask A Friend
$_Disinformation Campaign

Introduction;;
Google is one of the most known search engines people are using it know days to manipulate it such as finding information on people finding downloads etc etc. ('google dorking'Wink Now sense Google holds so much information ('Big Brother'Wink It's used by alot of people to start the bases of a profile on some body.

Basic Profiling;;
Now I will show you some nice Google searches on how to start yourself a profile on somebody threw Google. People
use the same email address (obviously) so im assuming if your trying to profile somebody you already have some
sort of information on them. So let's say you have there email address let's start Google

heyitsnurbo@gmail.com

Several results show up you go thew the websites looking for more information on the person such as other email
address or aim/msn/yahoo accounts. But maybe you searched there email address ('heyitsnurbo@gmail.com'Wink and
nothing shows up try this

heyitsnurbo@

And you might get a few results which is another start Smile Ok now here are some searches to find more information
on the target

heyitsnurbo@
heyitsnurbo msn:
heyitsnurbo
heyitsnurbo Myspace
heyitsnurbo contact me
heyitsnurbo name
heyitsnurbo age

You can get several different Google results with those!

Social Accounts;;
Now I just searched ('heyitsnurbo Myspace'Wink and a result came up with his Myspace and its a public Myspace [if your
going to make a social networking account such as Myspace,Bebo,Facebook then always make your profile private.
So I just found his Myspace I go threw his Images save them all now if he/she doesn't have there first name as there Myspace name ('which most people do'Wink Then I'll just go threw his/her comments looking for there first name.
Now I have his first name,photos,emails,what websites hes signed up on.

Ask A Friend;;
Ok now I have heyitsnurbo email address,picture,firstname,his friends information, what website he hangs out on. Now one of the biggest things alot of people like to use for a quick way to get information is look at that persons comments on there social networking profile. And see who talks to him the most and says his real name etc look at there profile and see if they live in the same city.

sidenote;;
you can also look at there top friends and look at all of there locations and confirm what state and city that person lives in. And usually at least one of there top friends has a "Hi im NurBo and I goto STFU High School".

Now you can just message one of there top friends (I prefer girls) and say
Subject:hey!?!?!? =]]
HeYy do you know Brent Junker???... were suppose to goto gamestop today but i lost my cell phone >_< do you
know his celly thanks.

"New Message"
555-555

So now you have pictures,emails,what websites hes active on,phone number,city/state/school there you go you have a basic profile.

Disinformation Campaign;;
Now if you are in the security scene and your active know alot of people im sure one or two people will try to profile you. Now to have the upper hand you always want to put fake information out there about yourself fake pictures fake names supposedly your "phone number". Its always good to make the attacker think he has all of your information when in actuality he has no clue just go with the flow.

Its best not to release any sort of information but im sure you'll have those good online friends so you'll release some information here and there just stay safe and anonymous.
-NurBo


Edited by on 14-10-08 05:18
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 09:30
Public information is made to be public. Very basic things like phone numbers, addresses, and birthdays can be gathered from a variety of sources (banking, work, mailing lists, etc), and there aren't really too many legal restrictions. Just don't abuse it, and no one will care if you have that information.

criminal records/ sex offenses, can only be accessed by judges and licensed investigators. Intelius has access to this information because money talks.

social security numbers can be used to get information, but you can't give legal information and get a ssn. You can have an ssn verified though. And obviously the ssn are linked to the names on those sites' db, so... And of course the government has even more even more inclusive db.

This is all public/legal information. It means nothing to someone in the corporate world, unless you actively abuse it. In that case, it is far more trouble/liability than it's worth. Learning the US laws first will hopefully show you where the information in that field is. look at "privacy" not data mining / cyber stalking. Same book, different cover.




Edited by on 14-10-08 09:34
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 11:19
Thanks Zephyr_Pure I am gonna do more research on that. Though I pretty much have a led pencil trying to bring down the great wall of Google...

Thanks Maug good to hear from you - I PMed you.
Author

RE: Data Mining


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-08 12:12
Zephyr_Pure wrote:
403 is an .htaccess-protected folder. You could start by trying to find that. Also, LFI attacks can circumvent that.

new_hack8912 wrote:
Don't many sites store .htaccess and .htpasswd files below the root directory? I guess LFI could still exploit it though.

If you mean "above the web root", then yes, many sites do. Many sites also store those files inside the folder they're password-protecting. Obviously, since there are still simple XSS and SQL Injects floating around on a number of sites, we can't assume that best practice is always in place with htaccess/passwd, either. It could even turn out to be as simple as using a directory traversal with or without LFI. For that matter, you could even take a non-related attack and aim to escalate it to the point of gaining root on that site... which would effectively render an htaccess/passwd irrelevant.