Post 03 - OSINT

03 Dec 2022

Task 8, Day 03, OSINT Nothing escapes detective McRed

OSINT - gathering and analysing publicly available data for intel purposes. Sources include internet, mass media, specialist journals and research, photos, and geospatial information. Accessed via open internet (indexed by search engines), closed forums (not indexed by search engines), deep and dark web.

Techniques

Google Dorking

Specialist search terms and advanced search operators to find results not usually displayed. Can search for specific file types, cached versions of sites, websites with specific text, etc.

e.g. site:github.com "DB_PASSWORD" to find possible database credentials only on github.com

WHOIS Lookup

Database of public domain information such as registrant, administrative, billing, and technical contacts. May now be concealed through Domain Privacy options.

Robots.txt

Publicly accessible file created by the web admin as search engine “config”. Access by appending /robots.txt to the end of the URL, e.g. google.com/robots.txt. The Disallow parameter hints at sensitive directories that can be manually accessed (admin panel, logs folder, etc.).
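A site owner can run the same check against their own robots.txt before publishing it. The sketch below is an added example, not part of the original task material: it parses the file into per-user-agent rules and lists Disallow paths whose names give away sensitive locations. The keyword list and the sample file are constructed assumptions.

```python
# Added example: audit your own robots.txt for Disallow entries that disclose sensitive paths.
SENSITIVE_HINTS = ("admin", "log", "backup", "config", "private", "secret")  # assumed keyword list

# Constructed sample, not taken from any real site.
SAMPLE_ROBOTS = """\
# constructed robots.txt for illustration
User-agent: *
Disallow: /admin/
Disallow: /logs/   # old server logs
Disallow: /images/tmp/
Allow: /public/

User-agent: ExampleBot
Disallow: /
Sitemap: https://example.test/sitemap.xml
"""

def parse_robots(text):
    """Return a list of (user_agent, directive, path) tuples."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rule lines ended the previous group
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            for agent in agents or ["*"]:        # rules before any User-agent: treat as "*"
                rules.append((agent, field, value))
    return rules

def disclosed_paths(text):
    """Disallow paths whose names hint at sensitive content, in file order."""
    hits = []
    for _agent, directive, path in parse_robots(text):
        sensitive = any(h in path.lower() for h in SENSITIVE_HINTS)
        if directive == "disallow" and sensitive and path not in hits:
            hits.append(path)
    return hits

if __name__ == "__main__":
    for path in disclosed_paths(SAMPLE_ROBOTS):
        print("review:", path, "- protect with authentication, not robots.txt")
```

Any path this flags is readable by anyone who opens the file, so it needs real access control behind it; robots.txt only asks crawlers not to index it.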

Services like HaveIBeenPwned. Search for email addresses to identify any leakage or breaches.

Searching Github Repos

Common flaw of devs is to leave privacy set to public when repos contain complete source code, passwords, access tokens, etc.

The Task

Find information for santagift.shop through OSINT.

Almost at the point of getting hints because I wasn’t paying close enough attention to what was on my screen.