Alert
Don't use this technique to spread disgrace or po*n videos and other bad things
This article is made in 2 language. Indonesian and English
English version :
Hello
welcome back with me Bayu Aji this time I will share about OSINT
techniques and tips and tricks. This article is a request from Seccodeid
channel subscribers, thank you for giving you an idea, if you want to
request what to discuss join us you can join the Seccodeid Channel, this
channel contains about events, quiz and discuss about IT here is a link
Telegram : https://t.me/seccodeid
Okok,
talking about OSINT there are actually positive and negative impacts to
that I don't teach you how to divulge disgrace, identity of a person in
public. Lets do it Will you be taught how to avoid OSINT attacks? What
to prepare for? Okok I will discuss one by one, so read carefully yes
# Prepare Tools
You can prepare some tools, techniques or methods that will be used including:
1. Sherlock
2. Metedata remover
3. Exif tools
4. OSINT framework
5. Dorking
6. Metasploit
7. Privacy badger extension
8. Social engineering
Of
the few I've mentioned, it's like this. Actually there is more but here
will not discuss in depth or can be said fundamentals first. Okok after
you prepare the tools and techniques. Now it's time to discuss how to
implement the material. Check this out
# OSINT Implementation
How
do we stalk someone who is deep enough? Can we find out about someone
in detail and in full? Yes it can, it all comes back to yourself how you
attack, the datasets you collect such as photos, names, schools, hobys,
social media and others then you can analyze the data such as dorking,
stalking social media and other things, after that you can create a
report or report and reanalyze it. Okok time I'll discuss his technique.
The thing I will do will probably be sensitive for it here the target
is myself so that no one is harmed and blamed.
1. Hunting username
Executing sherlock -h
usage: sherlock [-h] [--version] [--verbose] [--folderoutput FOLDEROUTPUT]
[--output OUTPUT] [--tor] [--unique-tor] [--csv]
[--site SITE_NAME] [--proxy PROXY_URL] [--json JSON_FILE]
[--timeout TIMEOUT] [--print-all] [--print-found] [--no-color]
[--browse] [--local]
USERNAMES [USERNAMES ...]
Sherlock: Find Usernames Across Social Networks (Version 0.14.0)
positional arguments:
USERNAMES One or more usernames to check with social networks.
optional arguments:
-h, --help show this help message and exit
--version Display version information and dependencies.
--verbose, -v, -d, --debug
Display extra debugging information and metrics.
--folderoutput FOLDEROUTPUT, -fo FOLDEROUTPUT
If using multiple usernames, the output of the results
will be saved to this folder.
--output OUTPUT, -o OUTPUT
If using single username, the output of the result
will be saved to this file.
--tor, -t Make requests over Tor; increases runtime; requires
Tor to be installed and in system path.
--unique-tor, -u Make requests over Tor with new Tor circuit after each
request; increases runtime; requires Tor to be
installed and in system path.
--csv Create Comma-Separated Values (CSV) File.
--site SITE_NAME Limit analysis to just the listed sites. Add multiple
options to specify more than one site.
--proxy PROXY_URL, -p PROXY_URL
Make requests over a proxy. e.g.
socks5://127.0.0.1:1080
--json JSON_FILE, -j JSON_FILE
Load data from a JSON file or an online, valid, JSON
file.
--timeout TIMEOUT Time (in seconds) to wait for response to requests.
Default timeout is infinity. A longer timeout will be
more likely to get results from slow sites. On the
other hand, this may cause a long delay to gather all
results.
--print-all Output sites where the username was not found.
--print-found Output sites where the username was found.
--no-color Don't color terminal output
--browse, -b Browse to all results on default browser.
--local, -l Force the use of the local data.json file.
- Start hunt your target
sherlock target
sherlock your target
- Start analyzing
How do we analyze? Once you've done a sherlock command you can wait for that process to finish. If it is finished next you analyze the report tools for example checking one by one from the results of the report. Here's an example
grep Telegram report.txt
grep your content file or path
Result :
- Dorking method┌─[uyab@Jieyab]─[~/Desktop]└──╼ $grep Telegram report.txt[+] Telegram: https://t.me/WahyuBayuAji┌─[uyab@Jieyab]─[~/Desktop]└──╼ $grep Linkedin report.txt
Sherlock
can search for anything like usernames, social media accounts and
sites. If the results of sherlock are not right, you can use this
technique dorking technique very freely you can search for anything with
this technique. Here's the dorking order.
1. intitle:
Search for specific titles
2. inurl:
Search for specific urls or paths
3. intext:
Search for specific words or contects
4. filetype:
Search for files
5. site:
Website or target specifically
Example
1. filetype:log username putty2. filetype:xls inurl:"email.xls"3. intitle:"webcamXP 5"4. inurl:zoom.us/j and intext:scheduled for5. "index of" "database.sql.zip"6. intitle:"Index of" wp-admin
Result :
inurl:"admin" site:.edu
Here is an example of dorking, you can find anything specific by dorking. You can develop your dork into a powerful dork
- OSINT framewok tools
If your search results are lacking. Maybe you can use the OSINT FRAMEWORK tool is powerful enough to find the target details, the following are the tools collected by the OSINT FRAMEWORK
- Hunt with yandex reverse image
- Hunt with Instagram location search
In this case you can use the tools of bellingcat instagram location search. You can install the following tools are links
Link: https://github.com/bellingcat/instagram-location-search
Tools work by taking sessions from the browser will then capture in the form of lat, ing and destination location
- Hunt with EXIF tools
In this case you can read the metadata on a file to see what is in the file. If you're lucky to get geolocation on the file. This method is very effective to use moreover files that are fresh or original from direct sources you can use exif tools offline or online.
exif tool online jimplexif
exif tool online pic2map
exif tool cli
You can use exif or exiftool cli. You can download the exif tool with the following link
Tautan : https://www.exiftool.org/
ExifTool Command-Line Examples
0) Extract information from a file
exiftool a.jpg
A basic command to extract all metadata from a file named a.jpg.
1) Basic write example
exiftool -artist=me a.jpg
Writes Artist tag to a.jpg. Since no group is specified, EXIF:Artist will be written and all other existing Artist tags will be updated with the new value ("me").
2) Write multiple files
exiftool -artist=me a.jpg b.jpg c.jpg
Writes Artist tag to three image files.
3) Write to all files in a directory
exiftool -artist=me c:/images
Writes Artist tag to all files in directory c:/images.
4) Write multiple tags
exiftool -artist="Phil Harvey" -copyright="2011 Phil Harvey" a.jpg
Writes two tags to a.jpg.
5) Extracting duplicate tags
exiftool -a -u -g1 a.jpg
Print all meta information in an image, including duplicate and unknown tags, sorted by group (for family 1).
6) undefined
exiftool -common dir
Print common meta information for all images in dir.
7) undefined
exiftool -T -createdate -aperture -shutterspeed -iso DIR > out.txt
List meta information in tab-delimited column form for all images in directory DIR to an output text file named "out.txt".
8) undefined
exiftool -s -ImageSize -ExposureTime b.jpg
Print ImageSize and ExposureTime tag names and values.
9) undefined
exiftool -l -canon c.jpg d.jpg
Print standard Canon information from two image files.
10) undefined
exiftool -r -w .txt -common pictures
Recursively extract common meta information from files in C directory, writing text output into files with the same names but with a C<.txt> extension.
11) undefined
exiftool -b -ThumbnailImage image.jpg > thumbnail.jpg
Save thumbnail image from C to a file called C.
12) undefined
exiftool -b -JpgFromRaw -w _JFR.JPG -ext CRW -r .
Recursively extract JPG image from all Canon CRW files in the current directory, adding C<_JFR.JPG> for the name of the output JPG files.
13) undefined
exiftool -d "%r %a, %B %e, %Y" -DateTimeOriginal -S -s *.jpg
Print formatted date/time for all JPG files in the current directory.
14) undefined
exiftool -IFD1:XResolution -IFD1:YResolution image.jpg
Extract image resolution from EXIF IFD1 information (thumbnail image IFD).
15) undefined
exiftool "-*resolution*" image.jpg
Extract all tags with names containing the word "Resolution" from an image.
16) undefined
exiftool -xmp:author:all -a image.jpg
Extract all author-related XMP information from an image.
17) undefined
exiftool -xmp -b a.jpg > out.xmp
Extract complete XMP data record intact from a.jpg and write it to out.xmp using the special XMP tag (see the Extra Tags).
18) undefined
exiftool -p "$filename has date $dateTimeOriginal" -q -f dir
Print one line of output containing the file name and DateTimeOriginal for each image in directory dir.
20) undefined
exiftool -ee -p "$gpslatitude, $gpslongitude, $gpstimestamp" a.m2ts
Extract all GPS positions from an AVCHD video.
22) undefined
exiftool -icc_profile -b -w icc image.jpg
Save complete ICC_Profile from an image to an output file with the same name and an extension of C<.icc>.
23) undefined
exiftool -htmldump -w tmp/%f_%e.html t/images
Generate HTML pages from a hex dump of EXIF information in all images from the C directory. The output HTML files are written to the C directory (which is created if it didn't exist), with names of the form "FILENAME_EXT.html".
This method is a way of recommendation, you can collaborate with social engineering techniques to be more powerful
- Hunt with mestaspolit
Metasploit, this tool has a lot of uses for web testing, social engineering, and virtual machine trials. This tool can also be used for dorking such as dorking camera using shodan and others. This method is quite difficult to do because the operating system and software today have been updated. Payload metasploit will be easily detected by antivirus and this technique is not easy you have to be able to social engineering to trap targets in our network and payload will be executed. To do this you need one network with the target. If you succeed one network with the next target you create a payload you are required to be able to inhabit a metasploit meterpreter to expand each command line What can metasploit do?
1. Know the system used
2. Approve all files
3. View browsing history, sms, phone and more
4. Spy camera
5. Spy mic audio
6. Copy the file
7. Access rights to the system
- Hunt with Geo OSINT
Okok in the next point is geo OSINT. In this case you can find the location of an image or a video. You can analyze the place and try to find where the position of the image is. Geolocation serving can be used in many ways. It is used by governments and police for safety purposes, such as unmanned flying boats or ankle bracelets, which has some unsettling effects when we think about the fact that there is no reliable form of data collection. Use geolocation to track altitude changes, view position history, find nearby stores, tag social media photos, check in to locations, get local weather, etc. You can learn geo OSINT with GeoGuessr
Tautan : https://www.geoguessr.com/
There are various tools that you can use including:
1. CREEPY
2. METAGOOFIL
3. GEONAMES
4. GEO-RECON
- Hunt with social engineering
At the last point is social engineering. You can collect your dataset with this method, social engineering techniques that are difficult and challenging to do not just anyone can master this technique. I think this technique is difficult to do, unless your target is weak and lack of literacy may be very young, but imagine if your target is a person who knows the ins and outs and high litration this is very difficult. So what can social engineering do?
1. Know the full name of the target
2. Know the target details
Can we be immune from social engineering? Hmmm I don't think so, it could be at any time me or you can be hit by this attack, social engineering can attack at any time and do not know who you are (indiscriminate). This technique could be used by hackers for personal gain, ordinary pleasure or threatening someone, each hacker must have a certain purpose, for that we as users (users) must be careful and always vigilant.
# OSINT report
Once
you collect data, analyze it is time for you to create a report. You
can create osint reports from what you find, here is a simple OSINT
report template
1. Name
2. Photo
3. Location
4. Date born
5. Social media :
- Telegram
6. School
7. Last location
8. Close friend
any
# How to minimize OSINT attacks?
After
learning various OSINT techniques it's time to discuss how to minimize
OSINT attacks. Surely you don't want to be on OSINT, do you? Doxing?
Well for that you can do this way
- Reduce the perpetuation of personal information to the public
You can reduce things that smell of personal information to the public such as your resume, where you play, your preferences and transaction history that complains about account numbers and others. You simply reduce something like this basically what you uplaod on the internet will become public property anyone can see, claim, use and so on. And the digital footprint is very hard to lose for that you are careful and always vigilant.
- Never trust with people
Reduce your trust in strangers or new people. You don't have to instill 100% trust in strangers, if you want to entrust someone it would be nice for that person to be your relative, your parents and your true friend and don't send anything personal to a stranger.
- Deleting your metadata file
Okok the last way. Always delete your file metada this is aimed at keeping your identity against others (strangers) As I explained above someone can track and know you through a metadata on the file suati for that you can use online tools or offline tools to remove your metada. Here are the tools
1. https://jimpl.com/ (online tools)
2. exif tool untuk mengedit metadata Anda (offline tools recomend)Keyword search :
- OSINT
- OSINT technique
- Learn OSINT