Discover a E-mail

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Discover a E-mail

Post by Yukuko23 on Mon Aug 28, 2017 10:43 am
([msg=94183]see Discover a E-mail[/msg])

*edited by a moderator because of personal info*
Yukuko23
New User
New User
 
Posts: 1
Joined: Mon Aug 21, 2017 10:41 am
Blog: View Blog (0)


Re: Discover a E-mail

Post by hackuin60s on Mon Aug 28, 2017 1:34 pm
([msg=94184]see Re: Discover a E-mail[/msg])

Let's take the probabilities.

The email contains 10 character name, starting with letter 's' and ending with letter 's'.
If we generate all possible combinations of this 10 letter word, like say using the tools 'crunch' [A word list generator], with just alpabets, its creates size of 1TB file, look at the image below:

Image

Now, the point is first, verifying the valid gmails of all that list.

    Option 1:


    Option 2:

      Verifying yourself:

      Obviously for this you need to code some scripts.
      I did wrote a email verifies around 6 years back, you can view the topic at:
      http://garage4hackers.com/showthread.ph ... ail+verify

      However, the script doesn't work any more, as Google blocked MX queries and nc[netcat] query, and I have no time for patching or whatsoever, but, you can get the MX records at 'mxtoolbox'.

      Image

      The logic:
      we can connect to smtp server of gmail:
      Make a raw request, by using telnet ( as nc[netcat] signature is blacklisted at Google mail servers).
      If email exists, we get Respose Code '250', if email doesn't exits we get Response code '550'.
      You can script the logic with bash and expect to connect to smtp and check the response code if 250 email is valid, and if 550 the email id is invalid and redirect it to a file. Please see the above article of mine for understanding the more specific logic.
Look at image below:

Image

Now, coming back to the guy's email ID, so even after verifying all the valid 10 letter gmail ID's, which is going to be very extensive list, you cannot bombard the facebook with all the emails at facebook, because facebook have captch verification after 10+ attempts, there was an option to verify email ids at facebook search box, which I did demonstrated in my talk at nullc0n 2015, you can watch video --> [ https://www.youtube.com/watch?v=Q33CFH0u92s ]
However, it got patched and now Facebook does not allow searching people with email ID's.

So, I think I have clear you a bit, what it takes to break/hack according to you, to find/Discover email-ID.

-Hackuin
Certified: RHCSA, RHCE, CCNA.
Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
User avatar
hackuin60s
New User
New User
 
Posts: 24
Joined: Mon Apr 14, 2008 3:17 pm
Blog: View Blog (0)


Re: Discover a E-mail

Post by Clippingpath77 on Thu Oct 19, 2017 11:02 am
([msg=94814]see Re: Discover a E-mail[/msg])

wow! it feels great to read this article. keep speeding the light of education .thank you.
Clippingpath77
New User
New User
 
Posts: 15
Joined: Tue Sep 26, 2017 6:26 am
Blog: View Blog (0)



Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests