Today something pleasant and fully automated. We are going to talk about acquiring the password to a given email based on known password leaks. There are situations when, while carrying out attacks, we would like to get the emails associated with the attacked domain. We can use theHarvester tool for this.
theHarvester
TheHarvester is a script written in python used for white intelligence. It collects emails, usernames, subdomains, IP addresses and more from public sources. It uses as many as 40 available tools for passive reconnaissance, however, fourteen of them require API keys to be set up. Well, but let's get to the specifics.
In the example we are discussing, we want to get all the emails in circulation associated with the example.com domain. To do this, we will use the following command.
┌──(figaro㉿kali)-[~/]
└─$ theHarvester -d example.com -b google
*******************************************************************
* _ _ _ *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* theHarvester 4.0.0 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
* *
*******************************************************************
[*] Target: example.com
Searching 0 results.
Searching 100 results.
Searching 200 results.
Searching 300 results.
Searching 400 results.
Searching 500 results.
[*] Searching Google.
[*] No IPs found.
[*] Emails found: 13
----------------------
555-555-0199@example.com
adresa@example.com
anna@example.com
example@example.com
max.mustermann@example.com
osoba@example.com
regemail@example.com
someone@example.com
x22555-555-0199@example.com
x22adresa@example.com
x22anna@example.com
x22regemail@example.com
x22someone@example.com
[*] Hosts found: 13
---------------------
253dwww.example.com
abc.example.com
app.example.com
builder.page.example.com
derid.example.com
stage.example.com
sub.example.com
u003dwww.example.com
vc.example.com
www.example.com:93.184.216.34
x22derid.example.com
x22www.example.com
xyz.example.com
We chose google for the example.com domain as our interview source. In this way we got 13 emails. We save them in a separate targets.txt file and can move on to h8mail.
h8mail
In a word of introduction - h8mail is a tool that detects whether there has been a password leak for the indicated email in the past. Diagnosis is done either through one of the twelve available APIs or based on locally stored collections with leaks. In our example, we will use the Breach compliation database. You can download it via the rtorrent command.
┌──(figaro㉿kali)-[~]
└─$ h8mail -t ./targets.txt -lb ./BreachCompilation
Official h8mail posts:
https://khast3x.club/tags/h8mail/
Version 2.5.5 - "ROCKSMASSON.5"
._____. ._____. ;____________;
| ._. | | ._. | ; h8mail ;
| !_| |_|_|_! | ;------------;
!___| |_______! Heartfelt Email OSINT
.___|_|_| |___. Use responsibly
| ._____| |_. | ;____________________;
| !_! | | !_! | ; github.com/khast3x ;
!_____! !_____! ;--------------------;
[>] h8mail is up to date
[~] Reading from file ./targets.txt
[~] Parsing emails from./targets.txt
[~] Removing duplicates
[>] Targets:
[>] x22regemail@example.com
[>] max.mustermann@example.com
[>] regemail@example.com
[>] x22anna@example.com
[>] x22adresa@example.com
[>] x22someone@example.com
[>] someone@example.com
[>] example@example.com
[>] anna@example.com
[>] 555-555-0199@example.com
[>] adresa@example.com
[>] x22555-555-0199@example.com
[>] osoba@example.com
Such a simple way, after a few minutes of checking breaches and available services we get the results.
__________________________________________________________________________________________
[>] Showing results for adresa@example.com
[~] No results founds
__________________________________________________________________________________________
[>] Showing results for someone@example.com
LOCALSEARCH | someone@example.com > [r] Line 1411935: arcanjel-someone@example.com:j092289
LOCALSEARCH | someone@example.com > [s] Line 5317894: asomeone@example.com:123456789
LOCALSEARCH | someone@example.com > [f] Line 79228: alfa146someone@example.com:123456
LOCALSEARCH | someone@example.com > [u] Line 4460618: busy_someone@example.com:dalakli
(...)
__________________________________________________________________________________________
Session Recap:
Target | Status
__________________________________________________________________________________________
max.mustermann@example.com | Not Compromised
__________________________________________________________________________________________
regemail@example.com | Not Compromised
__________________________________________________________________________________________
x22adresa@example.com | Not Compromised
__________________________________________________________________________________________
adresa@example.com | Not Compromised
__________________________________________________________________________________________
someone@example.com | Breach Found (79 elements)
__________________________________________________________________________________________
x22555-555-0199@example.com | Not Compromised
__________________________________________________________________________________________
osoba@example.com | Breach Found (2 elements)
__________________________________________________________________________________________
example@example.com | Breach Found (704 elements)
__________________________________________________________________________________________
anna@example.com | Breach Found (46 elements)
__________________________________________________________________________________________
555-555-0199@example.com | Breach Found (2 elements)
__________________________________________________________________________________________
x22regemail@example.com | Not Compromised
__________________________________________________________________________________________
x22someone@example.com | Not Compromised
__________________________________________________________________________________________
x22anna@example.com | Not Compromised
__________________________________________________________________________________________
Sources
https://github.com/khast3x/h8mail
https://github.com/laramies/theHarvester
https://gist.github.com/saturn99/c31727bc1b849fa1c2ba1d72d4ab9ecb
https://null-byte.wonderhowto.com
https://cli-ck.io/transmission-cli-user-guide/
Top comments (0)