Within the first few results, you should notice a few legitimate-looking e-mail addresses, specifically gramophone@gmail.com and all_in_all@gmail.com. You could sift through these results by hand, plucking out e-mail addresses, or you could simply run this Perl script, which does all the heavy lifting for you. We'll run the Perl script, instructing it to search for gmail.com addresses, using only 1 of our 1000 daily allotted API queries (which translates to a total of 10 Google results). The output of this run is shown in Figure 4.5.
Notice that this script also located the e-mail addresses we found when we performed the search manually. This script really begins to shine when we allow it to sift through more results. Allowing the script to process 50 results (run with ./email-maine.pl gmail.com 5) returns many more e-mail addresses, as shown below:
Obviously, the vast majority of these e-mail addresses are invalid, but this script really shines when it's fed more specific domain names instead of free Web-based domain names.
Patience Pays Off
Searching through thousands of Usenet posts is a tedious and time-consuming process; however, you will find the results well worth the effort. In addition to current employees, you will likely find the names of former employees, who make for great social engineering targets.
Addresses, Addresses, and More Addresses!
E-mail addresses can show up in so many places that it's nearly impossible to list them all. However, let's take a look at some great examples. Both Outlook Express and Eudora, two popular e-mail clients, use the .mbx extension for storage of e-mail. A Google search such as
Obviously, a person's private e-mails can reveal loads of information about that person, as well as the company that person works for. They also provide names of coworkers, friends, and family members as well as any mailing lists they belong to.
However, more than e-mails can be found using Google. Many organizations use Microsoft Outlook for their e-mail and calendaring purposes, and it seems that Outlook has become the de facto standard in the workplace. With this in mind, the process of finding e-mails, calendars, and address books can be simplified using a search such as
Figure 4.7 Microsoft Outlook Files on the Internet
Google Search: filetype:pst pst (contacts | address | inbox)
The Windows Registry, the heart and soul of a Windows machine, can also be searched for e-mail addresses. It is, after all, a text file. But Google scanning a machine's registry? It can't happen, right? Rest assured, a search like
The list of potential e-mail address locations could go on and on, but since we're not in the business of reckless tree killing, we'll just round out this section with a few examples from the Google Hacking Database. Table 4.1 presents several queries that can be used to dig up e-mail addresses, sometimes in the strangest of places!
Apache server error could reveal admin email address
Cgiwrap script can reveal lots of information, including e-mail addresses and even phone numbers
CSV files that could contain e-mail addresses
dead.letter UNIX file contains the contents of unfinished e-mails that can contain sensitive information
fastcgi echo script can reveal lots of information, including e-mail addresses and server information
Finds Outlook PST files, which can contain e-mails, calendaring, and address information
Generic "inbox" search can locate e-mail caches
Maillog files can reveal usernames, e-mail addresses, user login/logout times, IP addresses, directories on the server, and more
Microsoft Access databases that could contain e-mail information
Microsoft Excel spreadsheets containing e-mail addresses
Microsoft Excel spreadsheets containing the words username, password, and email
Outlook Express cleanup.log file can contain locations of e-mail information
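Seen from the defending side, the file types listed above are the ones to keep out of a web server's document root before a crawler indexes them. The following Python audit is an added example, not code from the original text: it walks a directory tree and flags those files, along with any file containing e-mail addresses. The function names, the .mdb and .xls extensions for Access and Excel, and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# File names and extensions for the artifacts named on this page.
# The .mdb and .xls extensions for Access and Excel are assumptions.
RISKY_EXT = {".pst": "Outlook PST", ".mbx": "Outlook Express/Eudora mailbox",
             ".csv": "CSV", ".mdb": "Access database", ".xls": "Excel spreadsheet"}
RISKY_NAMES = {"dead.letter": "unfinished e-mail", "maillog": "mail log",
               "cleanup.log": "Outlook Express cleanup log"}
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def audit_docroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason, address_count) for risky files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        reason = RISKY_NAMES.get(name) or RISKY_EXT.get(path.suffix.lower())
        with path.open("rb") as fh:  # only the first max_bytes are scanned
            addresses = set(EMAIL_RE.findall(fh.read(max_bytes)))
        if reason or addresses:
            rel = path.relative_to(root).as_posix()
            findings.append((rel, reason or "contains e-mail addresses", len(addresses)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample document root; all names and addresses are made up."""
    samples = {
        "index.html": b"<p>Contact: webmaster@example.com</p>",
        "about.html": b"<p>No addresses here.</p>",
        "backup/archive.pst": b"constructed placeholder, not a real PST",
        "tmp/dead.letter": b"To: alice@example.com\nCc: bob@example.com\n",
        "export/staff.CSV": b"name,email\nCarol,carol@example.com\n",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_docroot(root)

if __name__ == "__main__":
    for rel, reason, count in demo():
        print(f"{rel}: {reason} ({count} distinct address(es) found)")
```

Point `audit_docroot` at the real document root of a server you administer; anything it reports is a candidate for removal or access control.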