A big part of “hacking”, or more accurately, information security testing, is gathering information. In this tutorial we will cover some very basic methods of gathering information on a specific target (i.e. one person). The information we will look for is the first and last name of the target as well as the city and state they live in; then we’ll use that information to get the target’s phone number.
There are a lot of ways and reasons to target an individual for information gathering, but we are only going to discuss the “how”, not the “why”. Our primary tool in this tutorial is going to be Google. Why Google? Because it has all the advanced search functions that pretty much none of the other search engines have. Our secondary tools are going to be IPtools.com and IP-Adress.com, which are both great sites to help one gather information based on an IP address. Last but not least, we are going to use the “Google Phone Book”, which uses several online directories to search for phone numbers. (Note: Google Phone Book does not do reverse phone lookups, i.e. you can’t plug a number in and get a name and address.)
Now, on to the part that involves work. Let’s say your company has asked you to gather all information on some d00d who’s been naughty. All they have is a screen name or an email address. What do you do?
First – You’ll need their real name. There are a couple of simple ways to do this, depending on what info you already have. However, all of them involve searching with Google and being patient.
The Email Search:
If you have a personal email address for the target, then a great way to gather info on them is to search Google for the prefix of their email address (e.g. for email@example.com, search for “email”). If your intended target has had that email address for a long time, you will probably find a lot of info on them, maybe even their phone number, which makes the Google PhoneBook part unnecessary. If this happens, just call the number from a disposable cell phone, which you paid cash for, and have the classic “wrong phone number” conversation where you ask “Who am I talking to?”. However, finding a phone number on the first try rarely happens. You need to prepare for a lot of time sitting there sifting through useless info until you find what you need. This can be a bit of a pain, scanning page after page of results, or getting no results at all, but remember that a big part of hacking is patience, especially the info gathering side of hacking.
The Blog Profile Search:
Another way to gather info on a target is to go to their blog. Many, many people with blogs wind up letting a little too much info slip in their “profile”, including email addresses and all kinds of stuff. Even a screen name can lead to a fruitful Google search. Try using different combinations of a screen name, their blog and/or other screen names they might be associated with. Again, TIME will bring you what you want, not impatience and frustration. Relax.
The Domain Name Search:
As for websites, if the target has their own domain name, not a subdomain like this blog’s URL, you can do a quick check with iptools.com. Use the “domain info” tool to get a nice list of who owns the domain name in question.
Note: If the domain name or blog gets you at the very least an email address, you’re good.
Second – You need to find out where they live, not an exact location, but the city and state:
Barring the lucky find of a name and phone number on your first Google search, it’s time to use IP addresses. So, let’s say all you have is an email address from a website or blog or whatever; now it’s time to do some social engineering.
If you don’t already have TOR and Privoxy set up on your machine, please do so. Using TOR will hide your IP from any emailing service that you might use, as long as you configured it correctly. You could use JAP, but I’ve had some trouble with anonymity levels with them. Now, get an account that sounds business-like, or like a person who might have sent an email erroneously. After you have your account AND have set up TOR to cover your ass, email your victim. Make it seem like you somehow emailed them by accident with a love note for “your best gal”, “a surprising confession” or “your crushed feelings about a lost loved one, asking for advice”. In most cases people will email you back to let you know that you sent them this email by accident. The most important thing to remember is that you need them to email YOU.
Now that you have an email from your target, you can check the header information for the IP address they were at when they emailed you. It will be in the FULL header (not just the From, To and Bcc lines). The IP will be in brackets, like this: [127.0.0.1], in a line that starts with “Received: from”. For more info on this see our past post on finding and tracing the IP of an email sender. If you plug that IP into www.ip-adress.com it will give you a location, even a map, of where the email was sent from.
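The header check described above, as an added example that is not from the original post: it parses full headers and walks the “Received:” chain from the earliest hop, skipping LAN and loopback addresses, which is the same routine an incident responder uses to see where an unsolicited message actually entered the mail system. The sample message is constructed with documentation addresses, not a real capture.

```python
import re
import ipaddress
import email
from email import policy

# Constructed sample message (documentation addresses, not a real capture), newest hop first.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by inbox.example.net with ESMTP id abc123; Mon, 1 Jan 2007 10:00:00 +0000
Received: from home-pc (unknown [203.0.113.45])
    by mx.example.net with SMTP id def456; Mon, 1 Jan 2007 09:59:58 +0000
Received: from [192.168.1.5] (localhost [127.0.0.1])
    by home-pc with local id ghi789; Mon, 1 Jan 2007 09:59:57 +0000
From: sender@example.org
To: you@example.net
Subject: Re: wrong address

Sorry, I think you have the wrong person.
"""

BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Addresses that describe the sender's own LAN or host, never a routable location.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def received_hops(raw):
    """All bracketed IPv4s in Received: lines, in message order (newest relay first)."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [ip for hop in msg.get_all("Received") or [] for ip in BRACKET_IP.findall(hop)]

def originating_ip(raw):
    """Earliest non-local bracketed IPv4 in the Received: chain, or None.
    Each relay prepends its own Received: line, so the chain is read bottom-up. Caveat:
    only hops written by relays you trust are reliable; lines below them can be forged."""
    msg = email.message_from_string(raw, policy=policy.default)
    for hop in reversed(msg.get_all("Received") or []):
        for candidate in BRACKET_IP.findall(hop):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # malformed octet such as 999.1.1.1
            if not is_local(addr):
                return str(addr)
    return None
```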
Another place to look for IPs from your target is comments in blogs or forums. Sometimes these comments log the IP address of the commenter. Use that IP address just like you would the email IP address.
The absolute last-ditch, hail mary effort for scrounging up an IP is to get your target on IM and send them a pic or something. You can then follow the packet you just sent back to your target’s IP. Getting them on IM will take a lot of warm-up talk and other net-friend wooing. Again, this is a last-ditch effort that exposes you to the greatest risk of being discovered; you may want to wait until the Advanced Info Gathering Tutorial comes out before trying the IM trace.
Third – Using Google PhoneBook To Get a Phone Number:
There are probably a lot of people out there who already know the advanced search operators that will take you to “Google Phonebook”. However, just in case you don’t, here they are:
rphonebook: firstname lastname city state
bphonebook: firstname lastname city state
FYI – rphonebook will give you residential listings and bphonebook will give you business listings.
To give it a whirl, just go to Google and cut and paste one of the operators in the example into the search field. You can search for yourself, or you can search for whomever. I linked the image below to a blank search result; you can just click on it to get to the phonebook:
NOTE: You can drag that image to your bookmarks toolbar and use it like any other link you have up there.
If you have successfully completed stages one and two, then you have the name, city and state of the target. Just plug that info into the Google PhoneBook and you should get some results. However, don’t be discouraged if you don’t. There are other online tools to search for phone numbers, including Verizon SuperPages and a whole host of other sites. The Google PhoneBook just happens to be the simplest to use.
With all the different techniques and places I gave you to look for information on a target, you should have the name, city and state of your target. However, I cannot emphasize enough that this type of info gathering will generally be VERY time consuming, especially if this is your first try at any of this stuff. BE PATIENT. You should, and/or will, get something eventually.
However, please note that these are very basic information gathering techniques, so if your target has been very clever about keeping their online info separate from who they are in meatspace, then you may have to wait until the Advanced Information Gathering Tutorial.
Happy gathering!! If you think of anything I have missed or any ways to improve this tutorial, including grammar and spelling (0_O), please let me know via the comments.
* Standard disclaimer, educational use etc, applies to all information contained in this blog post. The “standard disclaimer” can be found in the “About/Warning” page of this blog.